Project

General

Profile

Actions
Copy link

Task #2441

closed

Start using the headers Content Security Policy, X-Content-Type-Options, X-Frame-Options and X-XSS-Protection

Added by Beluga Beluga almost 7 years ago. Updated over 6 years ago.

Status:
Rejected
Priority:
Normal
Assignee:
Guilhem Moulin
Category:
Website
Target version:
-
Start date:
Due date:
% Done:

0%

Tags:
URL:

Description

I analysed libreoffice.org with Mozilla Observatory: https://observatory.mozilla.org/analyze.html?host=libreoffice.org
documentfoundation.org has the same result (grade F)

Lack of these is impacting us negatively:

https://wiki.mozilla.org/Security/Guidelines/Web_Security#Content_Security_Policy
https://wiki.mozilla.org/Security/Guidelines/Web_Security#X-Content-Type-Options
https://wiki.mozilla.org/Security/Guidelines/Web_Security#X-Frame-Options
https://wiki.mozilla.org/Security/Guidelines/Web_Security#X-XSS-Protection

Also relevant is lack of HSTS: https://redmine.documentfoundation.org/issues/1086
https://wiki.mozilla.org/Security/Guidelines/Web_Security#HTTP_Strict_Transport_Security

Related issues

Related to Infrastructure - Task #2026: scan sites with observatory.mozilla.orgClosedGuilhem Moulin

Actions
Actions
Copy link
 #1

Updated by Florian Effenberger almost 7 years ago

  • Related to Task #2026: scan sites with observatory.mozilla.org added
Actions
Copy link
 #2

Updated by Florian Effenberger over 6 years ago

  • Status changed from New to Rejected

Rejecting this one in favor of #2026 (will follow-up in that ticket later on) - the request makes sense to me indeed

Actions
Copy link

Also available in: Atom PDF