Skip to content

Commit

Permalink
1697-x-headers
Browse files Browse the repository at this point in the history
  • Loading branch information
elarlang committed Nov 9, 2023
1 parent b654f91 commit ba0a01a
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions 5.0/en/0x22-V14-Config.md
Original file line number Diff line number Diff line change
Expand Up @@ -85,6 +85,7 @@ Configurations for production should be hardened to protect against common attac
| **14.5.5** | [MODIFIED, MOVED FROM 13.2.1] Verify that HTTP requests using the HEAD, OPTIONS, TRACE or GET verb do not modify any backend data structure or perform any state-changing actions. These requests are safe methods and should therefore not have any side effects. |||| 650 |
| **14.5.6** | [ADDED] Verify that the infrastructure follows RFC 2616 and ignores the Content-Length header field if a Transfer-Encoding header field is also present. | ||| 444 |
| **14.5.7** | [ADDED] Verify that the web application warns users who are using an old browser which does not support HTTP security features on which the application relies. The list of old browsers must be periodically reviewed and updated. | | || 1104 |
| **14.5.8** | [ADDED] Verify that if the application uses HTTP headers such as X-Real-IP and X-Forwarded-*, which are defined by intermediary devices like load balancers or proxies, that these cannot be overridden by the end-user. | ||| 345 |

## V14.6 HTTP/2

Expand Down

0 comments on commit ba0a01a

Please sign in to comment.