Task #2441
closed
Start using the headers Content Security Policy, X-Content-Type-Options, X-Frame-Options and X-XSS-Protection
% Done: 0%
Description
I analysed libreoffice.org with Mozilla Observatory: https://observatory.mozilla.org/analyze.html?host=libreoffice.org
documentfoundation.org has the same result (grade F)
Lack of these is impacting us negatively:
https://wiki.mozilla.org/Security/Guidelines/Web_Security#Content_Security_Policy
https://wiki.mozilla.org/Security/Guidelines/Web_Security#X-Content-Type-Options
https://wiki.mozilla.org/Security/Guidelines/Web_Security#X-Frame-Options
https://wiki.mozilla.org/Security/Guidelines/Web_Security#X-XSS-Protection
Also relevant is lack of HSTS: https://redmine.documentfoundation.org/issues/1086
https://wiki.mozilla.org/Security/Guidelines/Web_Security#HTTP_Strict_Transport_Security