Re: [Tails-dev] More tails.boum.org HTTP response headers?

Delete this message

Reply to this message
Author: boum
Date:  
To: tails-dev
Subject: Re: [Tails-dev] More tails.boum.org HTTP response headers?

> I propose to add the following HTTP headers to all Tails web pages


> X-Frame-Options:
> SAMEORIGIN
>
> X-XSS-Protection:
> 1; mode=block
>
> X-Content-Type-Options:
> nosniff


Done: these ones seemed harmless and useful.

> Content-Security-Policy:


We won't decide to set this before someone at Tails (e.g. Alster) has a
closer look and confirms the proposed CSP won't break things for you. It's
your website, and your content, after all.

> These headers should be reviewed about a year from now since hopefully
> more of them will be standardized and implemented by then. Namely
> X-Frame-Options and X-XSS-Protection should have been included into CSP
> at this time, and CSP 1.1 should be finalized (deprecating some elements
> of 1.0 I'm suggesting to use above).


Please keep us updated :-)

Thank you!