Infrastructure / INFRA-2998

Missing/Incorrect headers

    Details

    • Type: Bug
    • Status: In Progress
    • Priority: Minor
    • Resolution: Unresolved
    • Component/s: jenkins.io
    • Labels:
      None

      Description

      Hello there, the Jenkins CERT ML received 3 reports concerning jenkins.io due to missing headers. Nothing important in terms of security, but it would be nice if you could add them to prevent similar reports from being sent. It's a waste of time.

      Missing header: X-Content-Type-Options in nosniff mode
      Missing header: Content-Security-Policy
      Header to adjust: HSTS has a too low max-age, recommended minimum is 30 days

      Communicated to jenkins-infra on libera
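
A check for the three items listed in the report, as an added example that is not part of the original ticket or of the jenkins-infra code: it audits a response's headers for `X-Content-Type-Options: nosniff`, a `Content-Security-Policy`, and an HSTS `max-age` of at least 30 days. The sample header sets and the CSP value are constructed placeholders, not captured from jenkins.io.

```python
MIN_HSTS_MAX_AGE = 30 * 24 * 3600  # 30 days in seconds, the minimum named in the report


def hsts_max_age(value):
    """Return max-age (seconds) from a Strict-Transport-Security value, or None."""
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        if name.strip().lower() == "max-age":
            arg = arg.strip().strip('"')  # the value may be a quoted-string
            return int(arg) if arg.isascii() and arg.isdigit() else None
    return None


def audit_headers(headers):
    """Return findings for the three header issues listed in the report."""
    h = {k.lower(): v.strip() for k, v in headers.items()}  # names are case-insensitive
    findings = []
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options missing or not nosniff")
    if not h.get("content-security-policy"):
        findings.append("Content-Security-Policy missing")
    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("Strict-Transport-Security missing")
    else:
        age = hsts_max_age(hsts)
        if age is None:
            findings.append("HSTS max-age missing or malformed")
        elif age < MIN_HSTS_MAX_AGE:
            findings.append(f"HSTS max-age {age}s below {MIN_HSTS_MAX_AGE}s")
    return findings


# Constructed sample responses (assumptions for illustration only).
WEAK = {"Content-Type": "text/html", "Strict-Transport-Security": "max-age=86400"}
FIXED = {
    "Content-Type": "text/html",
    "X-Content-Type-Options": "nosniff",
    "Content-Security-Policy": "default-src 'self'",  # placeholder policy
    "Strict-Transport-Security": "max-age=2592000; includeSubDomains",
}

if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK), ("fixed", FIXED)):
        print(label, audit_headers(hdrs) or "OK")
```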

            People

            Assignee:
            dduportal Damien Duportal
            Reporter:
            wfollonier Wadeck Follonier