You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
@@ -21,7 +21,7 @@ This is a placeholder for future documentation requirements.
|**13.1.5**|[DELETED, INSUFFICIENT IMPACT]|||||
|**13.1.6**|[MODIFIED, MOVED FROM 13.2.6, LEVEL L2 > L3] Verify that per-message digital signatures are used to provide additional assurance on top of transport protections for requests or transactions which are highly sensitive or which traverse a number of systems. ||| ✓ | 345 |
|**13.1.7**|[MODIFIED, MOVED FROM 14.4.1] Verify that every HTTP response with a message body contains a Content-Type header field that matches the actual content of the response, including the charset parameter to specify safe character encoding (e.g., UTF-8, ISO-8859-1) according to IANA Media Types, such as "text/", "/+xml" and "/xml". | ✓ | ✓ | ✓ | 173 |
|**13.1.8**|[ADDED] Verify that HTTPS-based endpoints will respond to non-encrypted HTTP requests with either an error or no response. It must not respond with a redirect to the HTTPS endpoint to avoid clients accidentally sending data over plaintext HTTP, but this not being discovered due to an automatic redirect. | ✓| ✓ | ✓ ||
|**13.1.8**|[ADDED] Verify that HTTPS-based endpoints will only respond to non-encrypted HTTP requests with an error or will not respond at all. Responding with an automatic redirect to the HTTPS endpoint may lead to clients accidentally sending data over non-encrypted HTTP, but this is not being discovered. || ✓ | ✓ ||
