[ https://issues.apache.org/jira/browse/OFBIZ-6766?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16210822#comment-16210822 ]
Jacques Le Roux commented on OFBIZ-6766: ---------------------------------------- At r1812609 I added * the no-referrer-when-downgrade Referrer-Policy * a comment about Public-Key-Pins-Report-Only * a link to the related wiki page This is my prior to last commit, before implementing a CSP policy which is quite the stuff! Check by yourself at https://csp.withgoogle.com/docs/adopting-csp.html > Secure HTTP headers > ------------------- > > Key: OFBIZ-6766 > URL: https://issues.apache.org/jira/browse/OFBIZ-6766 > Project: OFBiz > Issue Type: Sub-task > Components: framework > Affects Versions: Trunk > Reporter: Jacques Le Roux > Assignee: Jacques Le Roux > Fix For: Upcoming Release > > > I have created a wiki page for this > https://cwiki.apache.org/confluence/display/OFBIZ/How+to+Secure+HTTP+Headers -- This message was sent by Atlassian JIRA (v6.4.14#64029)