Lofesa edited a comment on issue #1953: Add x content type options nosniff to ipro
URL: https://github.com/apache/incubator-pagespeed-mod/pull/1953#issuecomment-532681213

> Could you explain the rationale behind this?

IPRO deletes all headers set by the user and then puts in a smaller set of headers. This header is a (relative) security thing that prevents the change of the MIME type. A known security issue in WordPress is to upload an image file that is a PHP script, and this helps to mitigate it.

No matter what the user does to set this header, set by the server or by adding an AddResourceHeader directive, when the file is only optimized by IPRO. For example, when a file is loaded by a JavaScript snippet, it is never optimized by pagespeed but by IPRO, which deletes this header, and then a bunch of security tests will fail for not having this header.

Maybe x-xss-protection has the same issue.

Maybe this is not the right way to do it and we need to make some type of AddResourceHeader for IPRO.