Task #100032: Add default HTTP security headers for backend - TYPO3 Core - TYPO3 Forge

Actions

Task #100032

closed

Add default HTTP security headers for backend

Added by Torben Hansen about 1 year ago. Updated 3 months ago.

Status:

Closed

Priority:

Should have

Assignee:

Category:

-

Target version:

Start date:

2023-02-25

Due date:

% Done:

100%

Estimated time:

TYPO3 Version:

12

PHP Version:

Tags:

Complexity:

Sprint Focus:

Description

The TYPO3 backend should use common HTTP security headers by default.

The following HTTP security headers can safely be added:

Strict-Transport-Security (if [BE][lockSSL] is set or of the backend is accessed using HTTPS)
X-Content-Type-Options
Referrer-Policy

Actions

Also available in: Atom PDF