Jonathan Hodgson
|
cad2f2d2d5
|
BIN: analyse-headers: Add more notes to expect-ct description
As pointed out by <Dom Ingram>, the expect-ct is likely to become
obsolete in June 2012
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Expect-CT
|
4 years ago |
|
Jonathan Hodgson
|
7ea1e9a964
|
BIN: analyse-headers: Fix incorrect reporting of SSL issues
It turns out the SSL flags secure and httponly are not case sensitive.
https://tools.ietf.org/html/rfc6265#section-5.2.5
I cannot find any documentation about the SameSite=Strict so I will
leave it case sensitive for now. The spec for that section is here:
https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-05#section-5.2
Thanks <Dom Ingram> for flagging this
|
4 years ago |
|
Jonathan Hodgson
|
7a7ffc608d
|
BIN: analyse-headers: add expect-ct and start referrer-policy
|
4 years ago |
|
Jonathan Hodgson
|
3ce547a0b2
|
BIN: Analyse-headers: Adds to description for cookie flag
|
4 years ago |
|
Jonathan Hodgson
|
fb5774a584
|
BIN: analyse-headers: fix error "wrap command not found"
|
4 years ago |
|
Jonathan Hodgson
|
9ef36af8f7
|
BIN: analyse-headers: adds feature-policy and permissions-policy checks
|
4 years ago |
|
Jonathan Hodgson
|
61097006a4
|
BIN: analyse-headers: Wrap text in descriptions
The text in descriptions is now wrapped to 80 chars. This does not
affect the headers printed at the top which are not wrapped
|
4 years ago |
|
Jonathan Hodgson
|
af81ccd62e
|
BIN: Adds SameSite check in analyse-headers script
The script will now warn you if the SameSite option is not set to Strict
on cookies.
|
4 years ago |
|
Jonathan Hodgson
|
1f29c17ab5
|
BIN: Fix webtest script when : in cookies
If there was a colon in a cookie, the script would misidentify insecure
cookie configurations
|
4 years ago |
|
Jonathan Hodgson
|
a3f75d9b32
|
BIN: Adds analyse-headers script
The script is in early stages of development but should work for some of
the most common mis-configurtaions.
|
4 years ago |
