Website - Set security-related HTTP headers
Summary
The web server running e.foundation currently does not implement any security-related headers at all. Security headers should be set to protect visitors against possible vulnerabilities.
This improvement concerns
- UI
- Behavior
- Privacy
- Security
Description
None of the following relevant security headers are set:
- HSTS
- CSP
- X-Frame-Options
- XSS
- X-Content-Type-Options
What is the improved behavior? The above headers should be set correctly.
What does it bring? Increased security.
Validation
Check HTTP headers with the DevTools of your browser.