CONTENT_SECURITY_POLICY | 062. Define standard configurations; 117. Do not interpret HTML code; 175. Protect pages from clickjacking; 349. Include HTTP security headers |
DATE | 075. Record exceptional events in logs; 320. Avoid client-side control enforcement |
HTTP_ACCESS_CONTROL_ALLOW_METHODS_INSECURE | 266. Disable insecure functionalities |
HTTP_PERMISSIONS_POLICY_HEADER_NOT_PRESENT | 062. Define standard configurations; 175. Protect pages from clickjacking; 266. Disable insecure functionalities; 349. Include HTTP security headers |
HTTP_SERVER_HEADER_LEAKED | 077. Avoid disclosing technical information; 176. Restrict system objects |
HTTP_X_ASPNET_MVC_VERSION_HEADER_LEAKED | 077. Avoid disclosing technical information; 176. Restrict system objects |
HTTP_X_ASPNET_VERSION_HEADER_LEAKED | 077. Avoid disclosing technical information; 176. Restrict system objects |
HTTP_X_BACKEND_SERVER_HEADER_LEAKED | 077. Avoid disclosing technical information; 176. Restrict system objects |
HTTP_X_POWERED_BY_HEADER_LEAKED | 077. Avoid disclosing technical information; 176. Restrict system objects |
HTTP_X_XSS_PROTECTION_ENABLED | 062. Define standard configurations; 175. Protect pages from clickjacking; 266. Disable insecure functionalities; 349. Include HTTP security headers |
LOCATION | 173. Discard unsafe inputs; 324. Control redirects |
REFERRER_POLICY | 062. Define standard configurations; 349. Include HTTP security headers |
SET_COOKIE_HTTPONLY | 029. Cookies with security attributes |
SET_COOKIE_SAMESITE | 029. Cookies with security attributes |
SET_COOKIE_SECURE | 029. Cookies with security attributes |
STRICT_TRANSPORT_SECURITY | 062. Define standard configurations; 181. Transmit data using secure protocols; 349. Include HTTP security headers |
SUB_RESOURCE_INTEGRITY | 178. Use digital signatures; 262. Verify third-party components; 330. Verify Subresource Integrity |
UPGRADE_INSEC_REQ | 062. Define standard configurations; 117. Do not interpret HTML code; 175. Protect pages from clickjacking; 349. Include HTTP security headers |
VIEW_STATE | 026. Encrypt client-side session information |
WWW_AUTHENTICATE | 030. Avoid object reutilization; 228. Authenticate using standard protocols; 319. Make authentication options equally secure |
X_CONTENT_TYPE_OPTIONS | 062. Define standard configurations; 349. Include HTTP security headers |