dionach / HeadersAnalyzer

Burp extension that checks for interesting and security headers
BSD 3-Clause "New" or "Revised" License

Why should X-Permitted-Cross-Domain-Policies be master-only only #9

Open mikeblakeuk opened 2 years ago

mikeblakeuk commented 2 years ago

Why should X-Permitted-Cross-Domain-Policies be master-only only?

Why not just none?

See: https://owasp.org/www-project-secure-headers/#x-permitted-cross-domain-policies

https://github.com/dionach/HeadersAnalyzer/blob/master/HeadersAnalyzer.py#L551

mikeblakeuk commented 2 years ago

https://github.com/PortSwigger