Hi,
According to the recent third-party penetration test report, we received findings regarding some missing security headers.
Is this something we need to fix at the load balancer level, and if so, is there a guide available that we can review?
We had these findings:
Content Security Policy (CSP) Header Not Set
Multiple X-Frame-Options Header Entries
Missing Anti-clickjacking Header
X-Content-Type-Options Header Missing
Thanks,
Igor
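A small checker for the four findings listed in the post above, as an added example that is not part of the original post. It takes one response's headers as (name, value) pairs so duplicates are preserved; the function name and the sample responses are assumptions constructed for illustration.

```python
# Added example: audit one HTTP response for the four findings in the post.
# Headers are passed as (name, value) pairs so repeated headers stay visible.

def audit_headers(headers):
    """Return the list of findings that apply to one response."""
    by_name = {}
    for name, value in headers:
        by_name.setdefault(name.strip().lower(), []).append(value.strip())

    csp = by_name.get("content-security-policy", [])
    xfo = by_name.get("x-frame-options", [])
    xcto = by_name.get("x-content-type-options", [])
    findings = []

    if not csp:
        findings.append("Content Security Policy (CSP) Header Not Set")

    # More than one X-Frame-Options line commonly appears when both the
    # application and a proxy or load balancer in front of it add the header.
    if len(xfo) > 1:
        findings.append("Multiple X-Frame-Options Header Entries")

    # Framing protection: CSP frame-ancestors, or X-Frame-Options DENY/SAMEORIGIN.
    has_frame_ancestors = any(
        directive.strip().lower().split()[:1] == ["frame-ancestors"]
        for policy in csp
        for directive in policy.split(";")
    )
    has_valid_xfo = any(v.upper() in ("DENY", "SAMEORIGIN") for v in xfo)
    if not (has_frame_ancestors or has_valid_xfo):
        findings.append("Missing Anti-clickjacking Header")

    if not any(v.lower() == "nosniff" for v in xcto):
        findings.append("X-Content-Type-Options Header Missing")
    return findings

# Constructed sample responses (not taken from the report in the post).
BARE = [("Content-Type", "text/html")]
DUPLICATED = [("X-Frame-Options", "SAMEORIGIN"), ("X-Frame-Options", "DENY"),
              ("X-Content-Type-Options", "nosniff"),
              ("Content-Security-Policy", "default-src 'self'")]
HARDENED = [("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'"),
            ("X-Frame-Options", "DENY"), ("X-Content-Type-Options", "nosniff")]

if __name__ == "__main__":
    for label, sample in (("bare", BARE), ("duplicated", DUPLICATED), ("hardened", HARDENED)):
        print(label, audit_headers(sample))
```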