In order to improve the cluster security we need to implement the following headers in our haproxy level. * X-Content-Type-Options * X-Frame-Options * X-XSS-Protection
It looks like this is not feasible to be implemented in the load-balancer level and we added a policy to always implement this in our app deployment level. Minimum policy for http-observatory: B for all community sites A- for all our core mozilla sites
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.