-
-
### Bug description
When I visit the main webpage of JupyterHub, a number of security headers are missing:
- "Strict-Transport-Security"
- "X-Frame-Options"
- "X-Content-Type-Options"
- "X-…
-
Working for the current (3.9.3) are the following ones:
```
Strict-Transport-Security "max-age=63072000";
X-Frame-Options "sameorigin";
Content-Security-Policy "default-src 'self'; style-src 'se…
-
Probably me doing something dumb, but couldn't find an example anywhere or anything in the documentation.
How would I implement the equivalent of something like this
```ts
return new Response(n…
-
I've just installed and started with LibreTime (I don't know how to see version at web interface) and my website has following HTTP headers set:
```
Header set Strict-Transport-Security "max-age=1…
-
Context: https://github.com/rust-lang/rust-www/issues/148
CloudFront doesn't support HSTS (https://forums.aws.amazon.com/thread.jspa?messageID=651244). Could potentially proxy through doc.r-l.o like …
-
Related to the following bug https://bugzilla.mozilla.org/show_bug.cgi?id=1904317.
Network interception commands such as `continueRequest` allow to override headers list. As soon as a non-null valu…
-
**Is your feature request related to a problem? Please describe.**
An organization may have one more security strategies, that also may be specific to a certain flow. These may also extend to various…
-
**Describe the issue**
The list of HTTP headers that we parse (for checking against non-standard and deprecation) is currently hardcoded. Ideally this should be read from a config file. A next step w…
-
The qualys API service uses rate-limiting headers. Let's ensure that the integration honors these to avoid hitting 409s.
### Example headers in response:
```
x-ratelimit-limit: 300
x-ratelimit…