Infinispan / ISPN-14590

infinispan-server-rest: Missing HTTP security headers


Description

    HTTP security headers let a server harden how browsers handle its responses. Below is a brief explanation of each header that the REST endpoint does not set:
    HTTP Strict Transport Security (HSTS) is a response header that tells browsers the site must only be accessed over HTTPS, and that any future attempt to reach it over plain HTTP should be upgraded to HTTPS automatically.
    X-Frame-Options is a response header that protects web applications against clickjacking. It states the host's policy on whether the browser may render the response inside a frame of another page (DENY or SAMEORIGIN).
    X-Content-Type-Options (with the value nosniff) prevents the browser from MIME-sniffing a response and interpreting it as something other than the Content-Type declared in the HTTP headers.
    Content-Security-Policy (CSP) adds a further layer of protection against Cross-Site Scripting (XSS), clickjacking, and other client-side attacks that rely on executing malicious content in the context of a trusted web page.

    These headers are missing from almost every endpoint of test-tls-with-existing-keystore-external-pentesting.apps.testcluster3.lab.upshift.rdu2.redhat.com
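To make the finding reproducible, the following is an added example checker (not Infinispan code, and not part of the original report). It takes a response header map, reports which of the four headers are absent, and also flags weak values (a short HSTS max-age, an unknown X-Frame-Options value, anything but nosniff, a CSP that permits inline scripts). The sample header sets are constructed, not captured from the cluster named above; the hostnames and the fetch_headers helper are illustrative assumptions.

```python
"""Check HTTP responses for the security headers discussed in ISPN-14590.

Added example, not Infinispan project code. The sample responses are
constructed to resemble the missing and hardened cases; nothing here
was captured from the cluster named in the issue.
"""
import urllib.error
import urllib.request

# One year is a common minimum for HSTS max-age (assumed baseline).
HSTS_MIN_MAX_AGE = 31536000


def _parse_directives(value):
    # "max-age=31536000; includeSubDomains" -> {"max-age": "31536000", "includesubdomains": ""}
    out = {}
    for part in value.split(";"):
        part = part.strip()
        if part:
            name, _, val = part.partition("=")
            out[name.strip().lower()] = val.strip()
    return out


def _parse_csp(value):
    # "default-src 'self'; frame-ancestors 'none'" -> {"default-src": ["'self'"], ...}
    out = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            out[tokens[0].lower()] = tokens[1:]
    return out


def check_security_headers(headers):
    """Return a list of findings; an empty list means all four headers are acceptable.

    headers: mapping of header name -> value, any capitalisation
    (HTTP header names are case-insensitive).
    """
    h = {k.lower(): v for k, v in headers.items()}
    findings = []

    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("Strict-Transport-Security missing")
    else:
        try:
            max_age = int(_parse_directives(hsts).get("max-age", ""))
        except ValueError:
            max_age = -1
        if max_age < HSTS_MIN_MAX_AGE:
            findings.append("Strict-Transport-Security max-age below %d" % HSTS_MIN_MAX_AGE)

    xfo = h.get("x-frame-options")
    if xfo is None:
        findings.append("X-Frame-Options missing")
    elif xfo.strip().upper() not in ("DENY", "SAMEORIGIN"):
        findings.append("X-Frame-Options has unrecognised value %r" % xfo)

    xcto = h.get("x-content-type-options")
    if xcto is None:
        findings.append("X-Content-Type-Options missing")
    elif xcto.strip().lower() != "nosniff":
        findings.append("X-Content-Type-Options should be 'nosniff', got %r" % xcto)

    csp = h.get("content-security-policy")
    if csp is None:
        findings.append("Content-Security-Policy missing")
    else:
        d = _parse_csp(csp)
        if "default-src" not in d:
            findings.append("Content-Security-Policy has no default-src fallback")
        # script-src governs scripts; default-src applies only when script-src is absent
        scripts = d.get("script-src", d.get("default-src", []))
        if "'unsafe-inline'" in scripts:
            findings.append("Content-Security-Policy allows 'unsafe-inline' scripts")

    return findings


def fetch_headers(url):
    """Fetch response headers from a live endpoint with a HEAD request (not used offline)."""
    req = urllib.request.Request(url, method="HEAD")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return dict(resp.headers.items())
    except urllib.error.HTTPError as err:  # 4xx/5xx responses still carry headers
        return dict(err.headers.items())


# Constructed sample: the situation the issue describes, none of the four headers set.
MISSING = {"Content-Type": "application/json"}

# Constructed sample: a response that satisfies every check.
HARDENED = {
    "Content-Type": "application/json",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "X-Frame-Options": "DENY",
    "X-Content-Type-Options": "nosniff",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
}

# Constructed sample: headers present but with weak values.
WEAK = {
    "Strict-Transport-Security": "max-age=60",
    "X-Frame-Options": "ALLOWALL",
    "X-Content-Type-Options": "nosniff",
    "Content-Security-Policy": "default-src *; script-src 'unsafe-inline'",
}

if __name__ == "__main__":
    for label, sample in (("missing", MISSING), ("hardened", HARDENED), ("weak", WEAK)):
        print(label, check_security_headers(sample) or "OK")
```

Against a live server, `check_security_headers(fetch_headers("https://host/rest/v2/caches"))` runs the same checks on the real response (the path is an assumed example). Note that a CSP with `frame-ancestors` already covers what X-Frame-Options does in browsers that support CSP level 2; the older header is still worth setting for browsers that do not.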

        People

          ttarrant@redhat.com Tristan Tarrant
          pjindal@redhat.com Paramvir Jindal
          Pedro Ruivo, Priyanka Minz
          Chess Hazlett, Paramvir Jindal, Priyanka Minz, Ted Won