craSH
commented
8 years ago Is this something that can make it back to current and previous versions as well? At least for some of the headers, they can be easily added to the web server configuration without needing to be application-specific (like CSP would need).
romichg
As @craSH points out "I checked the current one and it doesn't appear to have explicit Clickjacking prevention via X-Frame-Options headers (or any of the security headers, woups)"
We should set appropriate security headers. https://securityheaders.io/?q=https%3A%2F%2Fteammentor.net%2Fangular%2Fguest%2Flogin&hide=on