freddyb
commented
8 years ago XFO is #225. X-XSS-P should be enabled, if I read this line correctly, but it isn't :-( XCTO is #226
Closed freddyb closed 8 years ago
freddyb
commented
8 years ago XFO is #225. X-XSS-P should be enabled, if I read this line correctly, but it isn't :-( XCTO is #226
pmac
commented
8 years ago These are all done. Thanks!
This bug is about implementing basic HTTP security headers.
X-Content-Type-Options: nosniff(also known as XCTO)X-Frame-Options: DENY(orSAMEORIGIN, also known as XFO)X-XSS-Protection(also known as XXSSP)Doing so comes at no cost and will certainly not break anything, given how the app currently works.