Missing Security Headers

[kasimlyee]

Problem: No security headers injected automatically:

• No Content-Security-Policy
• No X-Frame-Options
• No X-Content-Type-Options
• No Strict-Transport-Security
• No Referrer-Policy

Impact: High - XSS, clickjacking, MIME sniffing attacks
Fix: Creating SecurityHeadersMiddleware

[Jones-peter]

What is Our Plan for this bro ? @kasimlyee