X-Content-Type-Options | | -5 | X-Content-Type-Options header not implemented
X-Frame-Options | | -20 | X-Frame-Options (XFO) header not implemented
Research
I need to do more research on this. But for the site as it is right now. I do not know how pressing of an issue it is to provide this security as we are not storing any sensitive data.
Requirements
Mozilla has a neat tool for inspecting security on websites. Once we have the website stood up, perhaps post MVP, let's investigate this:
https://observatory.mozilla.org/analyze/findadoc.jp
And address any security concerns
Dependencies