Added HTTP security headers without HTTP no-cache headers

Asqatasun / Contrast-Finder

Contrast-Finder finds correct color contrasts (background / foreground) for web accessibility (a11y, WCAG, RGAA). https://app.contrast-finder.org

GNU Affero General Public License v3.0

56 stars 18 forks source link

Added HTTP security headers without HTTP no-cache headers #35

Closed dzc34 closed 7 years ago

dzc34 commented 7 years ago

added the following HTTP security headers: (like #23)

      X-Frame-Options:         DENY
      X-Content-Type-Options:  nosniff
      X-XSS-Protection:        1; mode=block
      referrer-policy:         same-origin

but not added the following HTTP no-cache headers:

      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
      Pragma: no-cache
      Expires: 0

Documentation http://docs.spring.io/spring-security/site/docs/current/reference/html/headers.html