-
The [`X-Frame-Options`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options) header is used to indicate whether the content can be embedded in another via an ``, and is [supporte…
-
The tests are missing placeholder values.
Additionally, we are missing a means to provide them.
* DOMXSS
** NO_SINKS_FOUND
** NO_SOURCES_FOUND
** SINKS_FOUND
** SOURCES_FOUND
* HEADER
**…
-
For the following report from https://openbadgesvalidator.imsglobal.org, it still shows `Valid: True, Error Count: 0` even though `revoked: true` and the error code returned is 410. It's still a valid…
-
Websites should have an explicit way to restrict any kind of cross-origin load to protect themselves against Spectre attacks. Content such as images, video, and audio may be sensitive and websites may…
-
( commit 2f8539f8957ca830fe08fbf3c474896e5f177286 )
Scanning my domain gives this text which is unclear to me:
```
Inkorrekte HTTP Content-Type Konfiguration
Der Content-Type ist eine Angabe…
-
I have monitored a crash from an end user, but I can't reproduce it. The logs are below:
0 Instructions _TFC12Instructions11FlowManager22createAndShowCoachMarkfTSb_T_ (FlowManager.swift:184)
(FlowManage…
-
### Description
I'm already setting my security headers via the `web/.htaccess`. There I set `X-Frame-Options` and `X-Content-Type-Options` along with other headers. Every dashboard page includes d…
-
https://observatory.mozilla.org and https://securityheaders.io/
Current Score
Test | Score | Explanation
-- | -- | --
Content Security Policy |-25| Content Security Policy (CSP) header not im…
-
Previously this read
> Everything is 100% except for one bonus and the overall score is 95%. Why?
The questions now merely are
1. What would be the proper text to display?
2. What do we need…
-
After reading this:
https://www.fastly.com/blog/headers-we-dont-want
It struck me that there doesn't seem to be a way to remove headers on an app-wide basis.
What would be the best way to ach…