Details
Type: Improvement
Resolution: Duplicate
Priority: High
Description
Following the principle of delivering a hardened platform out of the box (XSRF token, preventing cookie stealing, etc.), I think we should adopt the following countermeasure as well: CSP.
See for reference: http://en.wikipedia.org/wiki/Content_Security_Policy
and for an example usage/explanation (even though that one involves usage of an external firewall): http://blog.spiderlabs.com/2013/10/phpnet-site-infected-with-malware.html
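As an added illustration (not code from this issue, from eZ Publish or from eZ Platform), the following Python builds a conservative default Content-Security-Policy of the kind the report proposes and lints a header value for the mistakes that most commonly neutralise CSP as an XSS mitigation. The directive set in DEFAULT_POLICY, the WEAK_POLICY string and the checks applied are this editor's choices; the platform's own HTTP response layer, which would actually emit the header, is not shown.

```python
"""Build and lint a Content-Security-Policy header value.

Added illustration only; not eZ Publish/eZ Platform code. Directive names and
keywords follow the CSP specification; the default policy and the lint rules
are the editor's choice of sensible defaults.
"""
from __future__ import annotations

# Source-expression keywords that the spec requires to be single-quoted.
_KEYWORDS = {"self", "none", "unsafe-inline", "unsafe-eval", "strict-dynamic"}

# A conservative starting policy: same-origin only, no plugins, no <base> games.
DEFAULT_POLICY: dict[str, list[str]] = {
    "default-src": ["self"],
    "script-src": ["self"],
    "object-src": ["none"],
    "base-uri": ["self"],
    "frame-ancestors": ["self"],
}

# Constructed example of a policy that looks like CSP but blocks nothing useful.
WEAK_POLICY = "script-src 'self' 'unsafe-inline' *"


def build_csp(directives: dict[str, list[str]]) -> str:
    """Serialise {directive: [sources]} into a header value.

    Keywords such as self / none are quoted automatically; host sources,
    schemes, nonces and hashes are passed through unchanged.
    """
    parts = []
    for name, sources in directives.items():
        quoted = [f"'{s}'" if s in _KEYWORDS else s for s in sources]
        parts.append(" ".join([name, *quoted]).strip())
    return "; ".join(parts)


def parse_csp(header: str) -> dict[str, list[str]]:
    """Inverse of build_csp: split a header value back into directives."""
    policy: dict[str, list[str]] = {}
    for chunk in header.split(";"):
        tokens = chunk.split()
        if tokens:
            policy[tokens[0].lower()] = [t.strip("'") for t in tokens[1:]]
    return policy


def lint_csp(header: str) -> list[str]:
    """Return findings that weaken the policy (empty list means clean).

    Covers the errors that most often defeat CSP against XSS: inline or eval
    allowed for scripts, wildcard/scheme-only script sources, and missing
    fallbacks that let <object> or <base> reintroduce attacker script.
    """
    policy = parse_csp(header)
    findings = []
    if "default-src" not in policy:
        findings.append("no default-src fallback; unlisted fetch directives are unrestricted")
    script = policy.get("script-src", policy.get("default-src", []))
    has_nonce_or_hash = any(
        s.startswith(("nonce-", "sha256-", "sha384-", "sha512-")) for s in script
    )
    # Browsers ignore 'unsafe-inline' once a nonce or hash is present, so only
    # flag it when it is the sole thing permitting inline script.
    if "unsafe-inline" in script and not has_nonce_or_hash:
        findings.append("script-src allows 'unsafe-inline' without a nonce/hash; inline XSS still runs")
    if "unsafe-eval" in script:
        findings.append("script-src allows 'unsafe-eval'")
    for src in script:
        if src == "*" or src in ("http:", "https:", "data:"):
            findings.append(f"script-src allows overly broad source {src!r}")
    if "object-src" not in policy and "none" not in policy.get("default-src", []):
        findings.append("object-src not restricted; plugins can be used to run script")
    if "base-uri" not in policy:
        findings.append("base-uri not set; injected <base> can redirect relative script URLs")
    return findings


if __name__ == "__main__":
    header = build_csp(DEFAULT_POLICY)
    print("Content-Security-Policy:", header)
    print("default policy findings:", lint_csp(header))
    print("weak policy findings:", lint_csp(WEAK_POLICY))
```

Shipping the header in report-only form first (Content-Security-Policy-Report-Only) is the usual way to find the inline scripts and third-party hosts a real install depends on before the policy starts blocking them.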
Issue Links
duplicates: EZP-32043 Security headers: Set by default or recommend (Closed)