> I propose to add the following HTTP headers to all Tails web pages > X-Frame-Options: > SAMEORIGIN > > X-XSS-Protection: > 1; mode=block > > X-Content-Type-Options: > nosniff
Done: these ones seemed harmless and useful. > Content-Security-Policy: We won't decide to set this before someone at Tails (e.g. Alster) has a closer look and confirms the proposed CSP won't break things for you. It's your website, and your content, after all. > These headers should be reviewed about a year from now since hopefully > more of them will be standardized and implemented by then. Namely > X-Frame-Options and X-XSS-Protection should have been included into CSP > at this time, and CSP 1.1 should be finalized (deprecating some elements > of 1.0 I'm suggesting to use above). Please keep us updated :-) Thank you!
pgpmizHCj2ksf.pgp
Description: PGP signature
_______________________________________________ Tails-dev mailing list [email protected] https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to [email protected].
