| Standard | Title | ergo Module |
|---|---|---|
| RFC 9110 | HTTP Semantics | http/send, http/accepts, http/precondition |
| RFC 9111 | HTTP Caching | http/cache-control |
| RFC 9457 | Problem Details for HTTP APIs | utils/http-errors, http/send |
| RFC 9205 | Building Protocols with HTTP | Design philosophy |

| Standard | Title | ergo Module |
|---|---|---|
| RFC 7235 | HTTP Authentication | http/authorization |
| RFC 6750 | Bearer Token Usage | http/authorization, lib/authorization |
| RFC 7617 | The ‘Basic’ HTTP Authentication Scheme | http/authorization, lib/authorization |

| Standard | Title | ergo Module |
|---|---|---|
| RFC 7578 | Returning Values from Forms: multipart/form-data | http/body |
| RFC 7240 | Prefer Header for HTTP | http/prefer, lib/prefer |
| RFC 8288 | Web Linking | lib/link |

| Standard | Title | ergo Module |
|---|---|---|
| RFC 6797 | HTTP Strict Transport Security (HSTS) | http/security-headers |
| RFC 6265 | HTTP State Management (Cookies) | http/cookie, lib/cookie |
| RFC 6585 §4 | 429 Too Many Requests | http/rate-limit |
| W3C CSP Level 3 | Content Security Policy | http/security-headers |
| Fetch Standard | CORS Protocol | http/cors, lib/cors |
| OWASP CSRF | CSRF Prevention | http/csrf, lib/csrf |

| Standard | Title | ergo Coverage |
|---|---|---|
| OWASP API Security Top 10 | Top API security risks | Pipeline stage ordering, rate limiting, input bounding, security headers |
| OWASP REST Security | REST API security best practices | Auth enforcement, input validation, error redaction, security headers |
| OWASP Input Validation | Input validation best practices | JSON Schema validation, bounded parsing, null-prototype objects |
| OWASP CSRF Prevention | CSRF prevention patterns | http/csrf, lib/csrf |

See the Security page for a detailed mapping of ergo
features to OWASP API Security Top 10 risks.