> I propose to add the following HTTP headers to all Tails web pages

> X-Frame-Options:
>   SAMEORIGIN
> 
> X-XSS-Protection:
>   1; mode=block
> 
> X-Content-Type-Options:
>   nosniff

Done: these ones seemed harmless and useful.

> Content-Security-Policy:

We won't decide to set this before someone at Tails (e.g. Alster) has a
closer look and confirms the proposed CSP won't break things for you. It's
your website, and your content, after all.

> These headers should be reviewed about a year from now since hopefully
> more of them will be standardized and implemented by then. Namely
> X-Frame-Options and X-XSS-Protection should have been included into CSP
> at this time, and CSP 1.1 should be finalized (deprecating some elements
> of 1.0 I'm suggesting to use above).

Please keep us updated :-)

Thank you!
  

Attachment: pgpmizHCj2ksf.pgp
Description: PGP signature

_______________________________________________
Tails-dev mailing list
[email protected]
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
[email protected].

Reply via email to