V14.5 — HTTP Request Header Validation
HTTP Request Header Validation: 4 L3 requirement(s). V14.5.1: Verify that the application server only accepts the HTTP methods in use by the application/API, including pre-flight OPT... V14.5.2: Verify that the supplied Origin header is not used for authentication or access control decisions, as the Origin header ... V14.5.3: Verify that the Cross-Origin Resource Sharing (CORS) Access-Control-Allow-Origin header uses a strict allow list of trus... ... and 1 more.
| Property | Value |
|---|---|
| Section | V14.5 |
| Owner | platform |
Mapped Controls
| Control | Title |
|---|---|
| SID-HARD-02 | Input Validation and Injection Prevention |
Source: OWASP Application Security Verification Standard 4.0.3