Add a test for Content Security Policy headers

[phish]

I haven't found any test that includes looking at the Content Security Headers.
I would expect this to be included either in

• 02-Configuration_and_Deployment_Management_Testing or in
• 11-Client-side_Testing where it is closely related to 02-Testing_for_JavaScript_Execution.md

Typically, we should check for unsafe-eval and other potentially dangerous settings.

[ThunderSon]

I believe this fits in the CONF chapter, and bypasses can link to it in the CLNT chapter.

Would love to add this in!

Are you interested to propose a plan for this addition?

[phish]

I wont be able to work on this before the end of the year. If nothing has been done by then, I'll be happy to contribute.

[github-actions]

Please comment if you are still working on this issue, as it has been inactive for 30 days. To give everyone a chance to contribute, we are releasing it to new contributors.

[phish]

I've finished the document, I'll be posting a pull request soon.

[DotDotSlashRepo]

Oopsie! I did a PR #708 earlier on this.

[github-actions]

Please comment if you are still working on this issue, as it has been inactive for 30 days. To give everyone a chance to contribute, we are releasing it to new contributors.

[github-actions]

Please comment if you are still working on this issue, as it has been inactive for 30 days. To give everyone a chance to contribute, we are releasing it to new contributors.

[github-actions]

Please comment if you are still working on this issue, as it has been inactive for 90 days. To give everyone a chance to contribute, we are releasing it to new contributors.

[github-actions]

Please comment if you are still working on this issue, as it has been inactive for 90 days. To give everyone a chance to contribute, we are releasing it to new contributors.