Santandersecurityresearch / DrHeader

drHEADer helps with the audit of security headers received in response to a single request or a list of requests.
MIT License

Update DrHeader according to OWASP Secure Headers Project #164

Open manuel-sommer opened 3 years ago

manuel-sommer commented 3 years ago

This project should be updated according to the best-practice recommendations of the OWASP Secure Headers Project: https://owasp.org/www-project-secure-headers/

Multiple headers suggested in the OWASP Secure Headers Project are not scanned with DrHeader (e.g. Cross-Origin-Opener-Policy).

Furthermore, we should merge development into master (last release was Nov 2, 2020) to apply the deprecated X-XSS header #137.

dpauk commented 3 years ago

Thanks @manuel-sommer. We're going to be publishing a refactor of some of the code in the next few weeks and will look at your recommendations after that.

manuel-sommer commented 3 years ago

@dpauk, you can review the PR or take it as a starting point.