> I propose to add the following HTTP headers to all Tails web pages
>
> X-Frame-Options:
> SAMEORIGIN
>
> X-XSS-Protection:
> 1; mode=block
>
> X-Content-Type-Options:
> nosniff
Done: these ones seemed harmless and useful.
> Content-Security-Policy:
We won't decide to set this before someone at Tails (e.g. Alster) has a
closer look and confirms the proposed CSP won't break things for you. It's
your website, and your content, after all.
> These headers should be reviewed about a year from now since hopefully
> more of them will be standardized and implemented by then. Namely
> X-Frame-Options and X-XSS-Protection should have been included in CSP
> at this time, and CSP 1.1 should be finalized (deprecating some elements
> of 1.0 I'm suggesting to use above).