-
__Context__
As outlined in #191, CSP headers are an important (along with other HTTP headers) way of restricting the impact of an XSS or malware infection. The questions around the next stage are as …
-
# 🌱 Feature Request
## Is your feature request related to a problem? Please describe.
Currently the package doesn't support the `Feature-Policy` header, nor the `Permission-Policy` header.
Although…
-
I know that the package is meant to not use them directly, but sometimes it could be useful to be able to insert nonces and hashes directly instead of relying on the given API methods.
It's actually …
-
https://securityheaders.com/?q=affili.net has a helpful line at the top of the report for redirects allowing one-click following of the redirect to get the report on the redirect target.
It would b…
-
According to [docs](https://securityheaders.com/api/docs/) of security headers, we need to pass an API key for the request, but the current implementation doesn't provide a way to do so.
P.S. Refer…
-
I can't find a way to set StaticSite's security headers, like `X-Frame-Options: "SAMEORIGIN"`. The SSR sites allow you to manually set headers in responses (and I think they have the defaults as high…
-
@ajvb We're already doing all these https://github.com/cryptag/gosecure/blob/master/gosecure.go
There is probably more we can do: https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet
-
When running test for a long time, the following exception occurs. Why?
------------------------------------------------------------------------------------
Traceback (most recent call last):
Fil…
-
It's great to see the changes in 1.0.0 preview1 around supporting multiple policies. I will now be able (and actually required, because it will become incompatible) to remove my custom code that I de…
-
The central thesis of the Firefox versus Chromium article still stands, but some details have changed to narrow the gap between the two.
The most significant one: Mozilla has been working on a "uti…