V14.4 — HTTP Security Headers
HTTP Security Headers: 7 L3 requirement(s).

- V14.4.1: Verify that every HTTP response contains a Content-Type header. Also specify a safe character set (e.g., UTF-8, ISO-8859...
- V14.4.2: Verify that all API responses contain a Content-Disposition: attachment; filename="api.json" header (or other appropriat...
- V14.4.3: Verify that a Content Security Policy (CSP) response header is in place that helps mitigate impact for XSS attacks like ...
- ... and 4 more.

| Property | Value |
|---|---|
| Section | V14.4 |
| Owner | platform |
Mapped Controls
| Control | Title |
|---|---|
| SID-HARD-05 | Browser Security Controls |
Source: OWASP Application Security Verification Standard 4.0.3