[observatory] X-Content-Type-Options header not implemented

RESOLVED INVALID

Status

P1
normal
RESOLVED INVALID
2 years ago
a year ago

People

(Reporter: rolandtanglao, Unassigned)

Tracking

unspecified
2017q1

Details

(Whiteboard: [1st2weeks])

Lithium Response: The header is not set, but the Content-Type header is set on every page which makes this a low risk.
Update from http://supportcases.lithium.com/50061000009MCTs
QUOTE
Created By: Kris Stewart (2/24/2017 11:04 AM)
[Recipients: Patrick McClard, Scott Riley, Ryan Ausano, Lisa Hern, rtanglao@mozilla.com]

X-Content-Type-Options - in order to be fully compliant, this too will need to be submitted as an improvement request to support a new feature. I'm working on this now and will drive it alongside support for X-XSS-Protection and SRI.

END QUOTE

Need Info'ing myself to remind me to test this when done
Flags: needinfo?(rtanglao)
Component: Lithium Migration → General
Flags: needinfo?(rtanglao)
Product: support.mozilla.org → support.mozilla.org - Lithium
Target Milestone: --- → 2017q1

Updated

a year ago
Priority: -- → P1

Updated

a year ago
Status: NEW → RESOLVED
Last Resolved: a year ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.