HTTP

In this section, you will find a list of the rules (methods) associated with HTTP, each mapped to the security requirements it enforces.

| Method | Security Requirement |
|---|---|
| CONTENT_SECURITY_POLICY | 062. Define standard configurations; 117. Do not interpret HTML code; 175. Protect pages from clickjacking; 349. Include HTTP security headers |
| DATE | 075. Record exceptional events in logs; 320. Avoid client-side control enforcement |
| HTTP_ACCESS_CONTROL_ALLOW_METHODS_INSECURE | 266. Disable insecure functionalities |
| HTTP_PERMISSIONS_POLICY_HEADER_NOT_PRESENT | 062. Define standard configurations; 175. Protect pages from clickjacking; 266. Disable insecure functionalities; 349. Include HTTP security headers |
| HTTP_SERVER_HEADER_LEAKED | 077. Avoid disclosing technical information; 176. Restrict system objects |
| HTTP_X_ASPNET_MVC_VERSION_HEADER_LEAKED | 077. Avoid disclosing technical information; 176. Restrict system objects |
| HTTP_X_ASPNET_VERSION_HEADER_LEAKED | 077. Avoid disclosing technical information; 176. Restrict system objects |
| HTTP_X_BACKEND_SERVER_HEADER_LEAKED | 077. Avoid disclosing technical information; 176. Restrict system objects |
| HTTP_X_POWERED_BY_HEADER_LEAKED | 077. Avoid disclosing technical information; 176. Restrict system objects |
| HTTP_X_XSS_PROTECTION_ENABLED | 062. Define standard configurations; 175. Protect pages from clickjacking; 266. Disable insecure functionalities; 349. Include HTTP security headers |
| LOCATION | 173. Discard unsafe inputs; 324. Control redirects |
| REFERRER_POLICY | 062. Define standard configurations; 349. Include HTTP security headers |
| SET_COOKIE_HTTPONLY | 029. Cookies with security attributes |
| SET_COOKIE_SAMESITE | 029. Cookies with security attributes |
| SET_COOKIE_SECURE | 029. Cookies with security attributes |
| STRICT_TRANSPORT_SECURITY | 062. Define standard configurations; 181. Transmit data using secure protocols; 349. Include HTTP security headers |
| SUB_RESOURCE_INTEGRITY | 178. Use digital signatures; 262. Verify third-party components; 330. Verify Subresource Integrity |
| UPGRADE_INSEC_REQ | 062. Define standard configurations; 117. Do not interpret HTML code; 175. Protect pages from clickjacking; 349. Include HTTP security headers |
| VIEW_STATE | 026. Encrypt client-side session information |
| WWW_AUTHENTICATE | 030. Avoid object reutilization; 228. Authenticate using standard protocols; 319. Make authentication options equally secure |
| X_CONTENT_TYPE_OPTIONS | 062. Define standard configurations; 349. Include HTTP security headers |