Support by various browsers for various HTTP security headers

Discussion in 'other security issues & news' started by MrBrian, Mar 22, 2014.

Thread Status:
Not open for further replies.
  1. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  2. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  3. gorhill

    gorhill Developer

    Joined:
    Nov 12, 2013
    Posts:
    747
    Location:
    Canada
    It says "Content-Security-Policy" fails for Chromium, while my experience is that it works (HTTPSB uses this for preventing inline javascript).

    I looked into all the headers received when running the test, and nowhere did I see an instance of the header "Content-Security-Policy". So far it looks like the test failed because they actually didn't use the "Content-Security-Policy" header to test the Content Security Policy header... (Firefox "failed" too.)
     
Loading...
Thread Status:
Not open for further replies.