Hi Martin,

okay I am fine to let additional frameworks handle these facilities. Just wanted to mention it and ask for it here. :-)

Thanks for the fast response!

kind regards

Tobias

> On 27.08.2016 at 18:08, Martin Grigorov <[email protected]> wrote:
>
> Hi,
>
> We use Spring Security in all our applications.
> It adds these response headers for free.
>
> Any other Servlet Filter could do the same but I don't mind adding
> facilities in Wicket too.
>
> Btw one of the security experts from OWASP audited our applications in the
> last few weeks. Although he has found few problems here and there he said
> very nice words for Wicket!
>
> Martin Grigorov
> Wicket Training and Consulting
> https://twitter.com/mtgrigorov
>
> On Sat, Aug 27, 2016 at 6:01 PM, Tobias Soloschenko <[email protected]> wrote:
>
>> Hi,
>>
>> Mozilla just made a tool public which allows scanning websites for security
>> risks. Maybe we can somehow add a default set of headers to the page
>> rendering of Wicket / apply other security relevant implementations. Or we
>> are able to make them at least optional:
>>
>> https://observatory.mozilla.org
>>
>> Example header:
>>
>> https://wiki.mozilla.org/Security/Guidelines/Web_Security#X-XSS-Protection
>>
>> What do you think about that idea?
>>
>> kind regards
>>
>> Tobias
