When requesting the QA stage of our application and inspecting the network traffic, important HTTP headers for security are missing.
The following are considered best practices and cannot be set by us:
X-Content-Type-Options: nosniff (see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options)
X-Frame-Options: SAMEORIGIN (see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options)
X-XSS-Protection: 0 (see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection)
In my opinion, setting HSTS makes sense, too. However, I cannot make a recommendation about the concrete value to pick here.
You can consult more headers at https://helmetjs.github.io/#reference
Categories | Other |
I need it... | Week |
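A check for the headers listed in the request, as an added example that is not part of the original request or the reply. The function names, status labels and sample response are assumptions made for illustration; the expected values are the ones the request lists, and HSTS is checked for presence only.

```javascript
// Added example. Expected values are the ones listed in the request above;
// HSTS is checked for presence only, since the request names no value for it.
const EXPECTED = {
  "x-content-type-options": "nosniff",
  "x-frame-options": "sameorigin",
  "x-xss-protection": "0",
  "strict-transport-security": null,
};

// Parse a raw header block into name -> [values]. Header names are
// case-insensitive and a header may be repeated.
function parseHeaders(raw) {
  const headers = new Map();
  for (const line of raw.split(/\r?\n/)) {
    const idx = line.indexOf(":");
    if (idx <= 0) continue; // status line, blank line or malformed line
    const name = line.slice(0, idx).trim().toLowerCase();
    if (!headers.has(name)) headers.set(name, []);
    headers.get(name).push(line.slice(idx + 1).trim());
  }
  return headers;
}

// Returns name -> "ok" | "missing" | "mismatch" | "conflicting".
function auditSecurityHeaders(raw) {
  const headers = parseHeaders(raw);
  const report = {};
  for (const [name, expected] of Object.entries(EXPECTED)) {
    const distinct = new Set((headers.get(name) || []).map((v) => v.toLowerCase()));
    if (distinct.size === 0) report[name] = "missing";
    else if (distinct.size > 1) report[name] = "conflicting"; // repeated with different values
    else if (expected !== null && !distinct.has(expected)) report[name] = "mismatch";
    else report[name] = "ok";
  }
  return report;
}

// Constructed sample response, not captured from any real system.
const SAMPLE = [
  "HTTP/1.1 200 OK",
  "Content-Type: text/html; charset=utf-8",
  "x-content-type-options: NoSniff",
  "X-Frame-Options: SAMEORIGIN",
  "X-Frame-Options: DENY",
  "X-XSS-Protection: 1; mode=block",
].join("\r\n");

console.log(auditSecurityHeaders(SAMPLE));
```

Here "mismatch" only means the value differs from the one listed in the request, and "conflicting" flags a header sent more than once with different values, which typically happens when both the application and a proxy in front of it set the same header.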
Hello, this is currently supported. To add headers, please create a support ticket with your request. Thank you.