Rules
Security Rules
HttpHeaderXSSProtectionPresent
| What does it test? | X-XSS-Protection HTTP header is present |
| More infos? | More Infos about X-XSS-Protection header |
HttpHeaderXSSProtectionSecure
| What does it test? | X-XSS-Protection HTTP header is present and value is "1; mode=block" |
| More infos? | More Infos about X-XSS-Protection header |
HttpHeaderExposeLanguage
| What does it test? | X-Powered-By HTTP header is not present |
| More infos? | More Infos about expose_php in php.ini. |
HttpHeaderContentTypeNoSniffing
| What does it test? | X-Content-Type-Options HTTP header is present and has value "nosniff" |
| More infos? | More Infos about X-Content-Type-Options header |
HttpHeaderFrameOptionsSameOrigin
| What does it test? | X-Frame-Options HTTP header is present and has value "SAMEORIGIN" |
| More infos? | More Infos about X-Frame-Options header |
HttpHeaderCookieWithHttpOnlyFlag
| What does it test? | Flag HttpOnly is set for cookies |
| More infos? | More infos about httpOnly cookie flag. |
HttpHeaderCookieWithHttpSecureFlag
| What does it test? | Flag Secure is set for cookies |
| More infos? | More infos about secure cookie flag. |
HttpHeaderHSTSPresent
| What does it test? | Strict-Transport-Security HTTP header is present |
| More infos? | More Infos about HSTS. |
HttpHeaderHSTSWithSubdomains
| What does it test? | Strict-Transport-Security HTTP header is present and contains the "includeSubDomains" Flag |
| More infos? | More Infos about HSTS. |
ValidSslCertificate
| What does it test? | Whether the SSL certificate is valid |
| More infos? | This only works when curl is installed and is used to request the resource. See Guzzle docu for the reason. |