** Description changed:

  We need to review our HTTP headers to improve security and check which
  ones we should include per default and which ones might need to be
  configurable.

  The review will include but is not limited to:

  - Strict-Transport-Security
  - Content-Security-Policy
  - X-Frame-Options
  - X-XSS-Protection
  - X-Content-Type-Options
  - Server
  - X-Powered-By
  - X-Permitted-Cross-Domain-Policies
  - Caching headers
+ 
+ Initial reports for X-XSS-Protection header by SaifAllah benMassaoud and
+ Zeeshan.

https://bugs.launchpad.net/bugs/1531987

Title:
  Review HTTP headers to improve security

Status in Mahara:
  Confirmed
Status in Mahara 1.10 series:
  Confirmed
Status in Mahara 15.04 series:
  Confirmed
Status in Mahara 15.10 series:
  Confirmed

