Hi, these days I'm running a pen-test on my web2py application, and all the tools I used report that some "important" headers are missing. In particular:
- X-Frame-Options Header Not Set (15)
- Cross-Domain JavaScript Source File Inclusion (2)
- Incomplete or No Cache-control and Pragma HTTP Header Set (26)
- Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s) (50)
- X-Content-Type-Options Header Missing (48)

And also:

- Absence of Anti-CSRF Tokens (13)

Where's the mistake? Is there a security issue?

BR
MS

