ASVS Requirement 4.4.2

• Level: 2
• Chapter: V4 API and Web Service
• Section: V4.4 WebSocket
• Source: 0x13-V4-API-and-Web-Service.md

Description

Verify that, during the initial HTTP WebSocket handshake, the Origin header field is checked against a list of origins allowed for the application.