From 23a41f09cdf455b79cd3d1dcabd156dc6e934db2 Mon Sep 17 00:00:00 2001
From: Alex Pott <alex.a.pott@googlemail.com>
Date: Fri, 30 Dec 2022 17:12:34 +0000
Subject: [PATCH] Issue #3307227 by immaculatexavier, Niklan: OWASP link for
 useful HTTP headers is outdated

---
 .../Drupal/Core/EventSubscriber/FinishResponseSubscriber.php    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/core/lib/Drupal/Core/EventSubscriber/FinishResponseSubscriber.php b/core/lib/Drupal/Core/EventSubscriber/FinishResponseSubscriber.php
index 23f13695d32f..b5fc2aaf25a6 100644
--- a/core/lib/Drupal/Core/EventSubscriber/FinishResponseSubscriber.php
+++ b/core/lib/Drupal/Core/EventSubscriber/FinishResponseSubscriber.php
@@ -121,7 +121,7 @@ public function onRespond(ResponseEvent $event) {
     // Prevent browsers from sniffing a response and picking a MIME type
     // different from the declared content-type, since that can lead to
     // XSS and other vulnerabilities.
-    // https://www.owasp.org/index.php/List_of_useful_HTTP_headers
+    // https://owasp.org/www-project-secure-headers
     $response->headers->set('X-Content-Type-Options', 'nosniff', FALSE);
     $response->headers->set('X-Frame-Options', 'SAMEORIGIN', FALSE);
 
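Review bot: The comment block above the two `set()` calls explains only the MIME-sniffing header, so the `X-Frame-Options` line beneath it appears to share a rationale and OWASP reference that do not describe it. A separate comment before that line would help, for example `// Only allow same-origin pages to frame this response, to reduce clickjacking risk.` The third argument `FALSE` also deserves a short note: if it is Symfony's `$replace` flag, a value set earlier in the request is kept rather than overwritten, which matters when auditing the effective headers. `onRespond()` begins and continues outside this hunk, so some of this may already be documented elsewhere in the method.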
-- 
GitLab