Hey,
We have a B grading on our websites on securityheaders.com. We are missing the Content-Security-Policy and X-Frame-Options. We tried adding X-Frame-Options to the front end before and this broke the admin and wouldn't allow content users to add content.
Are there any recommendations on which ones should be added?
When adding the headers in the MVC side of things, you might want to check to see if you're editing or in the live site. When and where you're adding this code will make a difference to how the check is done.
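One way to implement the edit-versus-live check described in the answer above, as an added example that is not code from the thread or from any CMS vendor; it covers the framing headers only. It assumes ASP.NET MVC 5 on the IIS integrated pipeline and that the admin interface frames front-end pages while editing; `AdminOrigin` and the `IsEditMode` hook are hypothetical and must be replaced with your own admin URL and your CMS's edit-mode check.

```csharp
using System;
using System.Web;
using System.Web.Mvc;

// Added example: sends anti-framing headers on live requests and relaxes them
// only for requests that the CMS marks as edit/preview mode.
public class FramingHeadersAttribute : ActionFilterAttribute
{
    // Assumption: origin of the admin application that frames pages while editing.
    private const string AdminOrigin = "https://admin.example.com";

    // Hypothetical hook: replace with your CMS's own edit/preview-mode check.
    // The default returns false, so the strict live-site policy applies until it is wired up.
    public static Func<HttpContextBase, bool> IsEditMode = ctx => false;

    public override void OnResultExecuting(ResultExecutingContext filterContext)
    {
        var response = filterContext.HttpContext.Response;

        if (IsEditMode(filterContext.HttpContext))
        {
            // Editing: X-Frame-Options cannot express "self plus one other origin",
            // so omit it and allow only the admin origin through CSP frame-ancestors.
            response.Headers.Remove("X-Frame-Options");
            response.Headers["Content-Security-Policy"] =
                "frame-ancestors 'self' " + AdminOrigin;
        }
        else
        {
            // Live site: same-origin framing only, in both the legacy header and CSP.
            response.Headers["X-Frame-Options"] = "SAMEORIGIN";
            response.Headers["Content-Security-Policy"] = "frame-ancestors 'self'";
        }

        base.OnResultExecuting(filterContext);
    }
}

public static class FilterConfig
{
    // Call from Application_Start so the filter runs for every MVC response.
    public static void RegisterGlobalFilters(GlobalFilterCollection filters)
    {
        filters.Add(new FramingHeadersAttribute());
    }
}
```

If X-Frame-Options is also set in web.config or at a reverse proxy, it may still be sent on edit-mode requests, so set it in one place only.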