Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content

Website - Set security related HTTP headers

Summary

The webserver running e.foundation currently does not implement any security related headers at all. Security headers should be set to protect visitors against possible vulnerabilites.

This improvement concerns

  • UI
  • Behavior
  • Privacy
  • Security

Description

None of the following relevant security headers are set:

  • HSTS
  • CSP
  • X-Frame-Options
  • XSS
  • X-Content-Type-Options

What is the improved behavior? Above headers should be set correctly.

What does it bring? Increase security

Validation

Check HTTP headers with the DevTools of your browser.