This is where you set up options that affect the generation of security messages. This page is new to v17.04.

Security Messages Options

Enable general security messages - Check this box to enable general security messages that offer additional checks, advice and help for miscellaneous security issues including issues related to HTTP headers. Most security messages will be generated under the "Security" category. If you are not interested in these messages, then we recommend that they be disabled to slightly increase validation speed. In TNPL (Tag Name Programming Language), this option controls isSecurityEnabled. This option is enabled by default. (New v17.04)

HTTP Headers

The following HTTP headers are recognized. If security messages are enabled then some syntax checks may be done on them and/or additional validator security messages may be generated.

Content-Security-Policy

Content-Security-Policy-Report-Only

Public-Key-Pins

Referrer-Policy

Server

X-AspNet-Version

X-AspNetMvc-Version

X-Content-Type-Options

X-Frame-Options

X-Powered-By

X-XSS-Protection

Security Checks

The following security messages, in addition to messages about HTTP security headers, may be generated if security messages are enabled. Note that this list may not be a complete list and additional security checks not listed here may be performed.

A warning message about possible insecure form submission over HTTP.