Anti-spam team, Confirmed users
99
edits
User:Apking/Web Security Guidelines: Difference between revisions
Jump to navigation
Jump to search
User:Apking/Web Security Guidelines (view source)
Revision as of 20:40, 14 January 2016
, 14 January 2016err, fix ordering
(visual tweaks) |
(err, fix ordering) |
||
| Line 503: | Line 503: | ||
| style="text-align: center;" | P2 | | style="text-align: center;" | P2 | ||
| style="text-align: center;" | High | | style="text-align: center;" | High | ||
| style="text-align: center;" | | | style="text-align: center;" | 9 | ||
| Mandatory for new websites<br>Recommended for existing websites | | Mandatory for new websites<br>Recommended for existing websites | ||
| Disabling inline script is the greatest concern for CSP implementation | | Disabling inline script is the greatest concern for CSP implementation | ||
| Line 517: | Line 517: | ||
| style="text-align: center;" | P4 | | style="text-align: center;" | P4 | ||
| style="text-align: center;" | Easy | | style="text-align: center;" | Easy | ||
| style="text-align: center;" | | | style="text-align: center;" | 8 | ||
| Mandatory for all new websites<br>Recommended for existing sites | | Mandatory for all new websites<br>Recommended for existing sites | ||
| Websites should serve contribute.json and keep contact information up-to-date | | Websites should serve contribute.json and keep contact information up-to-date | ||
| Line 524: | Line 524: | ||
| style="text-align: center;" | P3 | | style="text-align: center;" | P3 | ||
| style="text-align: center;" | Easy | | style="text-align: center;" | Easy | ||
| style="text-align: center;" | | | style="text-align: center;" | 10 | ||
| Mandatory | | Mandatory | ||
| Origin sharing headers and files should not be present, except for specific use cases | | Origin sharing headers and files should not be present, except for specific use cases | ||
| Line 538: | Line 538: | ||
| style="text-align: center;" | P5 | | style="text-align: center;" | P5 | ||
| style="text-align: center;" | Easy | | style="text-align: center;" | Easy | ||
| style="text-align: center;" | | | style="text-align: center;" | 12 | ||
| Optional | | Optional | ||
| Websites that implement robots.txt must use it only for noted purposes | | Websites that implement robots.txt must use it only for noted purposes | ||
| Line 545: | Line 545: | ||
| style="text-align: center;" | P5 | | style="text-align: center;" | P5 | ||
| style="text-align: center;" | Moderate | | style="text-align: center;" | Moderate | ||
| style="text-align: center;" | | | style="text-align: center;" | 13 | ||
| Recommended<sup style="font-size: .8em; position: relative; top: -.4em; vertical-align: baseline;">‡</sup> | | Recommended<sup style="font-size: .8em; position: relative; top: -.4em; vertical-align: baseline;">‡</sup> | ||
| <sup style="font-size: .8em; position: relative; top: -.4em; vertical-align: baseline;">‡</sup> Only for websites that load JavaScript or stylesheets from non-Mozilla sources | | <sup style="font-size: .8em; position: relative; top: -.4em; vertical-align: baseline;">‡</sup> Only for websites that load JavaScript or stylesheets from non-Mozilla sources | ||
| Line 552: | Line 552: | ||
| style="text-align: center;" | P3 | | style="text-align: center;" | P3 | ||
| style="text-align: center;" | Easy | | style="text-align: center;" | Easy | ||
| style="text-align: center;" | | | style="text-align: center;" | 7 | ||
| Recommended for all websites | | Recommended for all websites | ||
| Websites should verify that they are setting the proper MIME types for all resources | | Websites should verify that they are setting the proper MIME types for all resources | ||
| Line 566: | Line 566: | ||
| style="text-align: center;" | P4 | | style="text-align: center;" | P4 | ||
| style="text-align: center;" | Moderate | | style="text-align: center;" | Moderate | ||
| style="text-align: center;" | | | style="text-align: center;" | 11 | ||
| Mandatory for all new websites<br>Recommended for existing websites | | Mandatory for all new websites<br>Recommended for existing websites | ||
| Manual testing should be done for existing websites, prior to implementation | | Manual testing should be done for existing websites, prior to implementation | ||