-
### Are you experiencing an issue with...
shields.io
### 🐞 Description
Security Headers now requires an API key from https://securityheaders.com/api/ which means that the generated badge from shiel…
-
Title: Need to add security headers and CORS policies
**As a** service provider
**I need** my service to use security headers and CORS policies
**So that** my web site is not vulnerable to…
-
Mozilla published a new tool to judge webpage security. They complain about a couple of http headers missing from dokuwiki, see:
https://observatory.mozilla.org/analyze.html?host=www.dokuwiki.org
In …
-
-
I'm not aware of any vulnerability. But as good security hygiene we should set security headers on the HTTP responses returned by all our marketing sites (originprotocol.com; ousd.com; story.xyz).
I …
-
It looks like you are adding headers before calling next() in the middleware. This means that any middleware registered after the security header middleware does not have a chance to preempt the middl…
-
When using Tampermonkey, some scripts require the option "Modify existing content security policy (CSP) headers" under the "Security" section in Tampermonkey settings to be set to "yes" in order to wo…
-
@mrivasperez Thanks for building this amazing lightweight browser. I am using this for a different use case of building a super app for AI users. AI users can visit only AI platforms like chatgpt, cla…
-
### Description
There’s still room for [example-advanced.nginx.conf](https://github.com/cryptpad/cryptpad/blob/main/docs/example-advanced.nginx.conf) to be tuned.
### Steps to reproduce
See h…
-
#### What would you like to be added:
Implement all the domain hardening and security headers for web apps.
E.g. https://github.com/DeFiCh/scan/blob/62661206c50e7ea2e4786bf0f1e3fa5392484ac3/…