checker-http

7 commits 1 branch 1 tag 138 KiB

Author	SHA1	Message	Date
Pierre-Olivier Mercier	4be2bc9343	Update rules section	2026-04-30 08:57:39 +07:00
Pierre-Olivier Mercier	77f8ee4024	checker: build host FQDN from subdomain + apex at service scope	2026-04-30 08:57:31 +07:00
Pierre-Olivier Mercier	603e93355b	Deepen CSP, Permissions-Policy and cookie audits v0.1.0 Detect CSP weaknesses individually (unsafe-inline, unsafe-eval, missing default-src/script-src, permissive sources on script-src or its default-src fallback) instead of a single catch-all "unsafe" code, and honour CSP3 fetch-directive fallback via EffectiveSources/WildcardSource helpers. Validate Permissions-Policy values: warn when a powerful feature (camera, microphone, geolocation, payment, sensors, …) is granted to all origins. Add a SameSite aggregate state on cookie audits so callers get the global ratio alongside per-cookie diagnostics.	2026-04-28 18:43:07 +07:00
Pierre-Olivier Mercier	27a30638f4	Add redirect-chain rules per RFC 9110 §15.4	2026-04-28 18:42:54 +07:00
Pierre-Olivier Mercier	2250902a94	Add RFC 6265bis cookie checks: name prefixes and per-cookie size	2026-04-28 18:42:45 +07:00
Pierre-Olivier Mercier	01bdadd2ab	Add modern security header rules	2026-04-28 18:42:26 +07:00
Pierre-Olivier Mercier	542ebdea34	Initial commit	2026-04-28 18:42:11 +07:00