Santandersecurityresearch/DrHeader

Update DrHeader according to OWASP Secure Headers Project

manuel-sommer opened this issue · 2 comments

  • drHEADer version: 1.5.3
  • Python version: 3.8.10
  • Operating System: Linux

This Project should be updated according to the best practice recommendations of the OWASP Secure Headers Project https://owasp.org/www-project-secure-headers/

Multiple Headers suggested in the OWASP Secure Headers Project are not scanned with DrHeader (e.g. Cross-Origin-Opener-Policy).

Furthermore, we should merge development into master (Last release was Nov 2, 2020) to apply the deprecated X-XSS header #137.

dpauk commented

Thanks @manuel-sommer. We're going to be publishing a refactor of some of the code in the next few weeks and will look at your recommendations after that.

@dpauk, you can review the PR or take it as a starting point.