Is it necessary to set secure header for JavaScript file? from Ricardo Iramar dos Santos on 2022-03-16 (public-webappsec@w3.org from March 2022)

From: Ricardo Iramar dos Santos <riramar@gmail.com>
Date: Wed, 16 Mar 2022 09:22:00 -0300
To: WebAppSec WG <public-webappsec@w3.org>
Message-ID: <CAE5Wca2Y6+nAkyQRROXzA6OHsazGvogPXe4NoOD-GJZyibzaZQ@mail.gmail.com>

Hi All,

On the OWASP Secure Headers project we got the simple question "Is it
necessary to set secure header for JavaScript file?" (
https://github.com/OWASP/www-project-secure-headers/discussions/64) and I
was not really sure about all the headers which apply to JS file.
Do you guys have any documentation or suggestion of which headers would be
applicable only a browser loads a JS file? Is that depends how the JS file
was loaded?

Best regards,
Ricardo Iramar

Received on Wednesday, 16 March 2022 12:23:22 UTC