diff options
| author | Artur Juraszek <artur@juraszek.xyz> | 2018-10-29 23:19:04 +0100 |
|---|---|---|
| committer | Tim Graham <timograham@gmail.com> | 2018-10-30 18:30:51 -0400 |
| commit | 817c6cdf0e2a72362045ca503af01830df9b9d36 (patch) | |
| tree | 9c9a9efd190546275b0ecb36178cf2fbc00d83c1 /docs | |
| parent | c1c68d1ac0f0d50eb37df32892b132f31a1179da (diff) | |
Capitalized SecurityMiddleware headers for consistency with other headers.
(No behavior change since HTTP headers are case insensitive.)
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/ref/checks.txt | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/docs/ref/checks.txt b/docs/ref/checks.txt index dd74639d33..0173f437d0 100644 --- a/docs/ref/checks.txt +++ b/docs/ref/checks.txt @@ -347,11 +347,11 @@ The following checks are run if you use the :option:`check --deploy` option: your domain should be served exclusively via SSL. * **security.W006**: Your :setting:`SECURE_CONTENT_TYPE_NOSNIFF` setting is not set to ``True``, so your pages will not be served with an - ``'x-content-type-options: nosniff'`` header. You should consider enabling + ``'X-Content-Type-Options: nosniff'`` header. You should consider enabling this header to prevent the browser from identifying content types incorrectly. * **security.W007**: Your :setting:`SECURE_BROWSER_XSS_FILTER` setting is not set to ``True``, so your pages will not be served with an - ``'x-xss-protection: 1; mode=block'`` header. You should consider enabling + ``'X-XSS-Protection: 1; mode=block'`` header. You should consider enabling this header to activate the browser's XSS filtering and help prevent XSS attacks. * **security.W008**: Your :setting:`SECURE_SSL_REDIRECT` setting is not set to |
