From 817c6cdf0e2a72362045ca503af01830df9b9d36 Mon Sep 17 00:00:00 2001 From: Artur Juraszek Date: Mon, 29 Oct 2018 23:19:04 +0100 Subject: Capitalized SecurityMiddleware headers for consistency with other headers. (No behavior change since HTTP headers are case insensitive.) --- docs/ref/checks.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'docs') diff --git a/docs/ref/checks.txt b/docs/ref/checks.txt index dd74639d33..0173f437d0 100644 --- a/docs/ref/checks.txt +++ b/docs/ref/checks.txt @@ -347,11 +347,11 @@ The following checks are run if you use the :option:`check --deploy` option: your domain should be served exclusively via SSL. * **security.W006**: Your :setting:`SECURE_CONTENT_TYPE_NOSNIFF` setting is not set to ``True``, so your pages will not be served with an - ``'x-content-type-options: nosniff'`` header. You should consider enabling + ``'X-Content-Type-Options: nosniff'`` header. You should consider enabling this header to prevent the browser from identifying content types incorrectly. * **security.W007**: Your :setting:`SECURE_BROWSER_XSS_FILTER` setting is not set to ``True``, so your pages will not be served with an - ``'x-xss-protection: 1; mode=block'`` header. You should consider enabling + ``'X-XSS-Protection: 1; mode=block'`` header. You should consider enabling this header to activate the browser's XSS filtering and help prevent XSS attacks. * **security.W008**: Your :setting:`SECURE_SSL_REDIRECT` setting is not set to -- cgit v1.3