
[SecurityCenter] Set additional security headers

Open Guite opened this issue 8 years ago • 0 comments

  • Set X-Content-Type-Options by default to nosniff.
  • Set X-XSS-Protection by default to 1; mode=block instead of 1.
  • Set Content-Security-Policy to a restrictive value (depends on #3711).
  • Make all configurable, similar to X-Frame-Options (see ClickjackProtectionListener).
  • https://content-security-policy.com/
  • https://dev.to/jszutkowski/applying-content-security-policy-in-symfony-to-reduce-xss-risks-5a4l

Refs #3646

Guite · Jul 26 '17 06:07
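
The defaults listed in the issue, sketched as a configurable Symfony response subscriber. This is an added example, not code from the project or its ClickjackProtectionListener; the class name, the override array format and the placeholder CSP value are hypothetical, and it assumes PHP 7.4+ with Symfony 5.3+.

```php
<?php
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpKernel\Event\ResponseEvent;
use Symfony\Component\HttpKernel\KernelEvents;

// Hypothetical listener; class name and override format are assumptions.
// Assumes PHP 7.4+ and Symfony 5.3+ (ResponseEvent::isMainRequest()).
final class SecurityHeadersListener implements EventSubscriberInterface
{
    // Defaults from the issue; the CSP value is a constructed placeholder.
    private const DEFAULTS = [
        'X-Content-Type-Options'  => 'nosniff',
        'X-XSS-Protection'        => '1; mode=block',
        'Content-Security-Policy' => "default-src 'self'",
    ];

    private array $headers;

    // $overrides: header name => value; null or '' disables that header.
    public function __construct(array $overrides = [])
    {
        $merged = array_merge(self::DEFAULTS, $overrides);
        foreach ($merged as $name => $value) {
            // Reject CR/LF so a configured value cannot split the header block.
            if (null !== $value && preg_match('/[\r\n]/', (string) $value)) {
                throw new \InvalidArgumentException("Invalid value for header $name");
            }
        }
        $this->headers = array_filter($merged, static fn ($v) => null !== $v && '' !== $v);
    }

    public static function getSubscribedEvents(): array
    {
        return [KernelEvents::RESPONSE => 'onKernelResponse'];
    }

    public function onKernelResponse(ResponseEvent $event): void
    {
        if (!$event->isMainRequest()) {
            return; // sub-request output is embedded, not sent on its own
        }
        $responseHeaders = $event->getResponse()->headers;
        foreach ($this->headers as $name => $value) {
            // Keep a header a controller set deliberately (e.g. a per-page CSP).
            if (!$responseHeaders->has($name)) {
                $responseHeaders->set($name, $value);
            }
        }
    }
}
```

Constructing it with `['X-XSS-Protection' => null]` drops that one header while the other two defaults still apply.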