Hi, Mozilla just made a tool public which allows to scan websites for security risks. Maybe we can somehow add a default set of headers to the page rendering of Wicket / apply other security relevant implementations. Or we are able to make them at least optional:
https://observatory.mozilla.org Example header: https://wiki.mozilla.org/Security/Guidelines/Web_Security#X-XSS-Protection What so you think about that idea? kind regards Tobias
