[Tails-dev] More tails.boum.org HTTP response headers?

boum at boum.org boum at boum.org
Tue Apr 1 19:50:12 CEST 2014


> I propose to add the following HTTP headers to all Tails web pages:

> X-Frame-Options:
>   SAMEORIGIN
> 
> X-XSS-Protection:
>   1; mode=block
> 
> X-Content-Type-Options:
>   nosniff

Done: these ones seemed harmless and useful.

> Content-Security-Policy:

We won't decide to set this before someone at Tails (e.g. Alster) has a
closer look and confirms the proposed CSP won't break things for you. It's
your website, and your content, after all.

> These headers should be reviewed about a year from now since hopefully
> more of them will be standardized and implemented by then. Namely
> X-Frame-Options and X-XSS-Protection should have been included into CSP
> at this time, and CSP 1.1 should be finalized (deprecating some elements
> of 1.0 I'm suggesting to use above).

Please keep us updated :-)

Thank you!
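A check for the three headers this message reports as deployed, added here as an example and not part of the original thread. The sample response head is constructed, and the tolerance for case and spacing differences is an assumption of the example; Content-Security-Policy is only reported, since the thread leaves it undecided.

```python
import re

# Values as quoted in the thread above.
EXPECTED = {
    "x-frame-options": "SAMEORIGIN",
    "x-xss-protection": "1; mode=block",
    "x-content-type-options": "nosniff",
}

# Constructed sample response head (not captured from tails.boum.org).
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "x-frame-options: sameorigin\r\n"
    "X-XSS-Protection: 1;mode=block\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "X-Content-Type-Options: sniff\r\n"   # conflicting duplicate
    "\r\n"
)

def parse_headers(raw):
    """Return {lowercased-name: [values]} from a raw HTTP response head."""
    headers = {}
    head = raw.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def normalize(value):
    # Assumption: compare case-insensitively, ignoring spaces around ';' and '='.
    return re.sub(r"\s*([;=])\s*", r"\1", value.strip().lower())

def audit(raw):
    """Map each expected header to 'ok', 'missing' or 'mismatch'."""
    headers = parse_headers(raw)
    report = {}
    for name, want in EXPECTED.items():
        got = {normalize(v) for v in headers.get(name, [])}
        if not got:
            report[name] = "missing"
        else:
            # A duplicate carrying a different value counts as a mismatch.
            report[name] = "ok" if got == {normalize(want)} else "mismatch"
    csp = "content-security-policy" in headers
    report["content-security-policy"] = "set" if csp else "not set"
    return report

if __name__ == "__main__":
    for header, status in audit(SAMPLE).items():
        print(f"{header}: {status}")
```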