X-Git-Url: https://git.martlubbers.net/?a=blobdiff_plain;f=report%2Fv11_httpsec.tex;h=d1d2a5846dda0a3f2395062fbafed44f049ea411;hb=7b4f3b58aaa2b1f15acaacfb28f5ce20903f7c5e;hp=1b0cc4fe3340bc76965d88bb6b1cc51b126911f5;hpb=f907dd355223b6c59eb774880b391969fd7543b8;p=ssproject1617.git diff --git a/report/v11_httpsec.tex b/report/v11_httpsec.tex index 1b0cc4f..d1d2a58 100644 --- a/report/v11_httpsec.tex +++ b/report/v11_httpsec.tex @@ -16,7 +16,7 @@ blocked. \item\pass{} Verify that every \HTTP{} response contains a content type header specifying a safe character set -(e.g., \emph{UTF-8}, \emph{ISO 8859{-}1}). +(e.g., UTF-8, ISO 8859{-}1). \begin{result} Content type headers may be set anywhere in the application. Furthermure,\\ \code{Response::send} ensures that if no content type header is set, all @@ -31,7 +31,7 @@ authenticated by the application.} % No proxies are present \item\fail{} -Verify that a suitable X-FRAME-OPTIONS header is +Verify that a suitable \code{X-FRAME-OPTIONS} header is in use for sites where content should not be viewed in a 3rd-party X-Frame. \begin{result} @@ -54,8 +54,7 @@ information of system components. \end{result} \item\fail{} -Verify that all \API{} responses contain \code{X-Content-Type-Options: -nosniff} and\\ +Verify that all \API{} responses contain \code{X-Content-Type-Options: nosniff} and\\ \code{Content-Disposition: attachment; filename="api.json"} (or other appropriate filename for the content type). \begin{result} @@ -71,7 +70,7 @@ JSON, and JavaScript injection vulnerabilities. \end{result} \item\fail{} -Verify that the X-XSS-Protection: 1; mode=block +Verify that the \code{X-XSS-Protection: 1; mode=block} header is in place to enable browser reflected \XSS{} filters. \begin{result}
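Review bot: the first hunk (@@ -16,7) leaves a typo in its own unchanged context, "Furthermure," inside the `result` environment two lines below the changed line; since this patch is already editing that region, fix it to "Furthermore," here rather than in a separate commit. Dropping `\emph{}` around the charset names is fine, but for consistency with the other hunks, which move header names into `\code{}`, consider writing them as `\code{UTF-8}` and `\code{ISO 8859{-}1}` so charset identifiers and header names get the same typographic treatment.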
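Review bot: the second hunk (@@ -31,7) keeps the header as `\code{X-FRAME-OPTIONS}` in all caps, while the other header names touched by this patch (`X-Content-Type-Options`, `X-XSS-Protection`) are written in mixed case; since `\code{}` now presents it as a literal header, use one casing convention across the report. The surrounding prose "should not be viewed in a 3rd-party X-Frame" is also left as is; "embedded in a third-party frame" would read better and match the header's purpose.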
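Review bot: the third hunk (@@ -54,8) correctly removes the line break that split `\code{X-Content-Type-Options: nosniff}` across two source lines, but it keeps the forced `\\` after "and", which was presumably there to keep the two header names on separate output lines; now that the `\code{}` argument is intact on one line, check the rendered output, since a manual `\\` inside an `\item` can leave an underfull line if the first header no longer needs its own line.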