Open echox opened 8 years ago
Statuses should support and set the common browser security headers, for example Content-Security-Policy, X-XSS-Protection, HSTS and HPKP.
This should be configurable and turned on by default if possible.
We should consider using https://github.com/ring-clojure/ring-defaults which comes bundled with most of the features you would like to add :-)
Statuses should support and set the common browser security headers, for example Content-Security-Policy, X-XSS-Protection, HSTS and HPKP.
This should be configurable and turned on by default if possible.