Improve Open Library's HTTP Observatory score - Githubissues

internetarchive / openlibrary

One webpage for every book ever published!

https://openlibrary.org

GNU Affero General Public License v3.0

5.11k stars 1.33k forks source link

Improve Open Library's HTTP Observatory score #5807

Open jimchamp opened 2 years ago

jimchamp commented 2 years ago

Describe the problem that you'd like solved

Open Library is failing its HTTP Observatory scan, which is used to determine areas in which our HTTP traffic can be more secure. Results can be found here: https://observatory.mozilla.org/analyze/openlibrary.org

Proposal & Constraints

We can pass our tests by ensuring that the following items are properly implemented:

[ ] Implement Content Security Policy (CSP) header
[ ] Implement HTTP Strict Transport Security header
[ ] Implement X-Content-Type-Options header
[ ] Implement X-Frame-Options (XFO) header
[ ] Implement X-XSS-Protection header

Additional context

More information about each unimplemented header can be found at the Observatory results page.

Stakeholders

b2pacific commented 2 years ago

@jimchamp I would like to work on this issue. Can you assign it to me?