OwaspHeaders.Core icon indicating copy to clipboard operation
OwaspHeaders.Core copied to clipboard

Published 20 hours ago verified publisher icon GaProgMan

Feature-Policy header is not supported

Open GaProgMan opened this issue 7 years ago • 1 comments

Description

The OwaspHeaders.Core middleware does not yet include support for Feature-Policy which is a header related to enabling or disabling certain JavaScript API features.

Quote from Scott Helme's blog:

TheFeature Policy is being created to allow site owners to enable and disable certain web platform features on their own pages and those they embed. Being able to restrict the features your site can use is really nice but being able to restrict features that sites you embed can use is an even better protection to have.

Source: A new security header: Feature Policy

Links to Header Information

GaProgMan avatar Jul 25 '18 22:07 GaProgMan

Due to an update to Security Headers (see footnote), which is a tool that a lot of users use to check their website security headers, this header should be implemented as soon as possible.

Footnote

Security Headers Updates - published July 22nd, 2019

GaProgMan avatar Jul 22 '19 11:07 GaProgMan

Feature-Policy has been deprecated in favour of Permissions-Policy. This issue should be closed. See: https://owasp.org/www-project-secure-headers/#feature-policy for further details.

jamie-taylor-rjj avatar May 11 '23 21:05 jamie-taylor-rjj