Why? We shouldn't be reporting a bunch of false-positive findings about missing security headers. We have to be conscious of the context and the usage, and of why those headers exist.

List of the security headers:
- Content-Security-Policy (CSP)
- Strict-Transport-Security Header (HSTS)
- X-Content-Type-Options
- X-Frame-Options
- Referrer-Policy
- Access-Control-Allow-Origin