Not being a web developer, I have just discovered the world of HTTP Security Headers. I set up https://guardianproject.info with a strong but conservative set of them. These headers mostly restrict how Javascript can be run, to help prevent cross-site scripting attacks.
Mozilla has a nice scanner for it: https://observatory.mozilla.org/analyze.html?host=guardianproject.info#third This all reminds me yet again of the days of the dotcom web browser wars in the late 90s, where Netscape and Microsoft were competing by adding "features" as fast as possible with little forethought. Plus, those engineers were working 100+ hour weeks. And now we are stilling paying the price, with the state of web security and privacy still so bad that we need these arcane headers. .hc -- PGP fingerprint: EE66 20C7 136B 0D2C 456C 0A4D E9E2 8DEA 00AA 5556 https://pgp.mit.edu/pks/lookup?op=vindex&search=0xE9E28DEA00AA5556 _______________________________________________ List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To unsubscribe, email: [email protected]
