
Research of http security headers

Open Limraj opened this issue 2 years ago • 0 comments

Target

The goal is to improve application security by adding the correct security headers to requests. Check that Spring Security does not add these headers. Pay particular attention to the Content Security Policy.

Headers to consider:

  • [ ] Content-Security-Policy
  • [x] Referrer-Policy
  • [x] X-Frame-Options "SAMEORIGIN";
  • [x] X-XSS-Protection "1; mode=block";
  • [ ] X-Content-Type-Options "nosniff";
  • [x] Cache-Control
  • [ ] Strict-Transport-Security: max-age=
        Strict-Transport-Security: max-age=; includeSubDomains
        Strict-Transport-Security: max-age=; preload

Additional context

  • Content-Security-Policy
  • Referrer-Policy
  • X-Frame-Options
  • X-XSS-Protection
  • X-Content-Type-Options
  • Strict-Transport-Security
  • Cache-Control

Limraj, Apr 16 '22 07:04
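An added example, not part of the original issue or the Scada-LTS code base: one way to audit a captured response against the checklist above. It reports each header as missing, ok, duplicate (emitted more than once, as can happen when both the framework and application code set it) or carrying an unexpected value. The names `CHECKLIST`, `parse_headers` and `audit` and the sample response are constructed for illustration.

```python
import re

# Headers from the issue's checklist. A pattern checks the value; None checks presence only.
CHECKLIST = {
    "content-security-policy": None, "referrer-policy": None,
    "x-xss-protection": None, "cache-control": None,
    "x-frame-options": re.compile(r"SAMEORIGIN", re.I),
    "x-content-type-options": re.compile(r"nosniff", re.I),
    "strict-transport-security": re.compile(r"max-age=\d+(\s*;\s*(includeSubDomains|preload))*", re.I),
}

def parse_headers(raw):
    """Map lowercased header name -> list of values, keeping repeated headers."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers = {}
    for line in head.split("\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def audit(raw):
    """Return {header: status}; status is missing, ok, duplicate or unexpected-value."""
    seen, report = parse_headers(raw), {}
    for name, pattern in CHECKLIST.items():
        values = seen.get(name, [])
        if not values:
            report[name] = "missing"
        elif len(values) > 1:
            report[name] = "duplicate"  # set in more than one place; values may conflict
        elif pattern and not pattern.fullmatch(values[0]):
            report[name] = "unexpected-value"
        else:
            report[name] = "ok"
    return report

# Constructed sample response (not captured from a real Scada-LTS instance).
SAMPLE = "\r\n".join([
    "HTTP/1.1 200 OK",
    "X-Frame-Options: DENY",
    "X-Frame-Options: SAMEORIGIN",
    "X-Content-Type-Options: nosniff",
    "Cache-Control: no-cache, no-store, max-age=0, must-revalidate",
    "Strict-Transport-Security: max-age=31536000 ; includeSubDomains",
    "Referrer-Policy: same-origin",
    "", "<html></html>",
])

if __name__ == "__main__":
    print(audit(SAMPLE))
```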