Improve PaaS cluster security - HTTP headers

RESOLVED WONTFIX

Status

RESOLVED WONTFIX
2 years ago
2 years ago

People

(Reporter: nemo-yiannis, Unassigned)

Tracking

Details

(Reporter)

Description

2 years ago
In order to improve the cluster security we need to implement the following headers in our haproxy level.

* X-Content-Type-Options
* X-Frame-Options
* X-XSS-Protection
(Reporter)

Updated

2 years ago
See Also: → bug 1290410
(Reporter)

Comment 1

2 years ago
It looks like this is not feasible to be implemented in the load-balancer level and we added a policy to always implement this in our app deployment level.

Minimum policy for http-observatory:

B for all community sites
A- for all our core mozilla sites
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.