Re: [Tails-dev] More tails.boum.org HTTP response headers?

Questo messaggio è parte di questo thread:
Mil thread completo ordinato per data
MAlster at <-
 
Delete this message

Reply to this message
Autore: boum
Data:  
To: tails-dev
Oggetto: Re: [Tails-dev] More tails.boum.org HTTP response headers?

> I propose to add the following HTTP headers to all Tails web pages

> X-Frame-Options:
> SAMEORIGIN
>
> X-XSS-Protection:
> 1; mode=block
>
> X-Content-Type-Options:
> nosniff

Done: these ones seemed harmless and useful.

> Content-Security-Policy:

We won't decide to set this before someone at Tails (e.g. Alster) has a
closer look and confirms the proposed CSP won't break things for you. It's
your website, and your content, after all.

> These headers should be reviewed about a year from now since hopefully
> more of them will be standardized and implemented by then. Namely
> X-Frame-Options and X-XSS-Protection should have been included into CSP
> at this time, and CSP 1.1 should be finalized (deprecating some elements
> of 1.0 I'm suggesting to use above).

Please keep us updated :-)

Thank you!
Questo messaggio è stato inviato alle seguenti mailing lists:
tails-dev
Informazioni sulla Mailing List | Messaggi correlati		<-[Tails-dev] License statement and font licenseRe: [Tails-dev] HSTS on https://mailman.boum.org/->
lists.autistici.org amministrato da postmasterLurker (versione 2.3)