-
Sandstorm should come with an option to turn on HTTP Strict Transport Security. Ideally, such an option should be turned on by default.
-
Hello team,
I didnt find an email to disclose the issue privately, so I'm writing here.
The story began with my research around ElasticSearch, which uses Netty as a web server. After few digging, I f…
-
Switch from HTTP to HTTPS for security.
-
I've just installed and started with LibreTime (I don't know how to see version at web interface) and my website has following HTTP headers set:
```
Header set Strict-Transport-Security "max-age=1…
-
### Bug description
When I visit the main webpage of JupyterHub, a number of security headers are missing:
- "Strict-Transport-Security"
- "X-Frame-Options"
- "X-Content-Type-Options"
- "X-…
-
Als weiteres Kriterium für die Qualität einer Website wird der Schutz mit Security Headern gesehen. Siehe https://securityheaders.com/?q=gruene-xhain.de&followRedirects=on
Wäre gut, das mit zu verw…
-
First of all, thank you a lot for offering such service as an alternative to the paid IMDB API.
I just created an key to play around the API and noticed that all the interaction has been done via p…
-
This is both for the frontend and for the reverse proxy: https://github.com/protosio/protos/issues/24
-
There is an HTTP response splitting vulnerability in the login redirection. When formatting the service parameter any control characters should be removed.
See https://www.owasp.org/index.php/HTTP_…
-
Maybe automatically disable protection for this site?
Firefox for example automatically blocks all the content fetched from non-secure origins, but we need it.