Open JJ opened 4 years ago
Looking at the values in the last generation, there's only one that's consistently 0, the nosniff option. That could have been implemented by hand, but there are 700 possible configuration directives and it's impossible for a human expert to know which values are the best; even if it's "secure by default", it's impossible to know if changing a specific value will make it more secure or not. An optimization approach to both hardening and generation of multiple values is safer, and also more efficient.