W3C home > Mailing lists > Public > public-webappsec@w3.org > March 2022

Is it necessary to set secure header for JavaScript file?

From: Ricardo Iramar dos Santos <riramar@gmail.com>
Date: Wed, 16 Mar 2022 09:22:00 -0300
Message-ID: <CAE5Wca2Y6+nAkyQRROXzA6OHsazGvogPXe4NoOD-GJZyibzaZQ@mail.gmail.com>
To: WebAppSec WG <public-webappsec@w3.org>
Hi All,

On the OWASP Secure Headers project we got the simple question "Is it
necessary to set secure header for JavaScript file?" (
https://github.com/OWASP/www-project-secure-headers/discussions/64) and I
was not really sure about all the headers which apply to JS file.
Do you guys have any documentation or suggestion of which headers would be
applicable only a browser loads a JS file? Is that depends how the JS file
was loaded?

Best regards,
Ricardo Iramar
Received on Wednesday, 16 March 2022 12:23:22 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 16 March 2022 12:23:23 UTC