-
- [x] X-Frame-Options
- [x] X-XSS-Protection
- [x] X-Content-Type-Options
- [x] HSTS
- [x] CSP
-
Hi!
I'm trying to build a request for a SOAP service that requires WS-Security headers. It expects a call like this:
I tried associating a map with the expected headers into the mapping like…
eraad updated
2 years ago
-
-
-
https://securityheaders.com/?q=https%3A%2F%2Fwiki-adventure.herokuapp.com%2F&followRedirects=on
-
I think we should configure our server to send security HTTP headers
```
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy no-referrer-when-downgrade
```
This c…
-
I can see security headers added on live site, but can't find middleware reponsible for it?
-
In Ghost we have the ability to set a content type header for any custom route in routes.yaml, but otherwise, headers are not customisable.
There are many different headers that a user might want t…
-
This should be mostly an `nginx` centric change. Few missing headers were detected during the responses returned by the API, namely:
- `strict-transport-security`
- `content-security-policy`
- `permis…
-
Hello,
The server does not restrict access or validate input, making it vulnerable to malicious requests.
Fix:
Add basic security measures such as input validation and CORS headers:
def do_GET(s…