Update DrHeader according to OWASP Secure Headers Project
manuel-sommer opened this issue · 2 comments
manuel-sommer commented
- drHEADer version: 1.5.3
- Python version: 3.8.10
- Operating System: Linux
This project should be updated according to the best practice recommendations of the OWASP Secure Headers Project: https://owasp.org/www-project-secure-headers/
Multiple Headers suggested in the OWASP Secure Headers Project are not scanned with DrHeader (e.g. Cross-Origin-Opener-Policy).
Furthermore, we should merge development into master (Last release was Nov 2, 2020) to apply the deprecated X-XSS header #137.
dpauk commented
Thanks @manuel-sommer. We're going to be publishing a refactor of some of the code in the next few weeks and will look at your recommendations after that.
manuel-sommer commented
@dpauk, you can review the PR or take it as a starting point.