Security Headers

As you can see by consulting the following page in Security Headers:

Missing security header for XSS Protection
Missing security header to prevent Content Type sniffing
Missing Strict-Transport-Security security header

I recommend inserting the following lines in the .htaccess file of the next ClipBucket’s version:
<IfModule mod_headers.c>
Header set X-XSS-Protection "1; mode=block"
Header set X-Content-Type-Options nosniff
Header set Strict-Transport-Security "max-age=63072000; includeSubDomains: preload"
Header always append X-Frame-Options SAMEORIGIN

The above lines are documented and have been tested. For the remaining vulnerabilities, it may be useful to consult the free tool offered by Mozilla:

Good use of ClipBucket in safety :grinning::+1:

Thank you for your input, I have forwarded it to our development team.
Keep up the good work :+1:

1 Like