Add missing security headers (X-Content-Type-Options, X-Frame-Options, CSP, Referrer-Policy, Permissions-Policy) #431

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open

gkorland wants to merge 7 commits into staging from add-security-headers

+135 −24

GitHub Advanced Security / CodeQL failed Mar 8, 2026 in 1s

4 new alerts including 4 high severity security vulnerabilities

New alerts in code changed by this pull request

Security Alerts:

4 high

See annotations below for details.

View all branch alerts.

Annotations

Check failure on line 85 in tests/test_hsts_header.py

Code scanning / CodeQL

Incomplete URL substring sanitization High test

The string

may be at an arbitrary position in the sanitized URL.

Check failure on line 91 in tests/test_hsts_header.py

Code scanning / CodeQL

Incomplete URL substring sanitization High test

The string

may be at an arbitrary position in the sanitized URL.

Check failure on line 92 in tests/test_hsts_header.py

Code scanning / CodeQL

Incomplete URL substring sanitization High test

The string

may be at an arbitrary position in the sanitized URL.

Check failure on line 98 in tests/test_hsts_header.py

Code scanning / CodeQL

Incomplete URL substring sanitization High test

The string

may be at an arbitrary position in the sanitized URL.