-
**Issue Summary**
Our Flask application currently does not set the Strict-Transport-Security (HSTS) header, which results in a security warning. The absence of this header means that browsers do no…
-
For example, https://frame.work/blog/linux-on-the-framework-laptop won't work with Columnate because of scripting limitations imposed by the Content Security Policy headers. https://developers.google.…
-
### Proposed Changes
- `add_header X-Content-Type-Options nosniff;` to `server` section
- Recommend `server_tokens off;` in `http` section of `/etc/nginx/nginx.conf`?
### Justification
…
-
The specification suggests that content-security-policy HTTP headers are added to GET requests.
-
The script should be picked up automatically when it changes and hosted at https://dl.brave.com/install.sh
It should be served with these headers:
```
Content-Type: text/plain; charset=utf-8
Con…
```
-
## Summary
This is a proposal to add an event tracking system to MEP. This will help us gather data on player actions, for instance level completion, fails, time spent, etc. The goal is to better unde…
-
> What headers do you check for?
>
> Depending on the circumstances, we can check for a wide range of response headers. It's best to conduct a scan and see the list of headers that are present…
-
Hi,
I have the following config in `netlify.toml`:
```
[[plugins]]
package = "@netlify/plugin-csp-nonce"
[plugins.inputs]
reportOnly = false
excludedPath = [
"/geo"
…
```