
Mattermost, Inc.

Missing Headers

Hi there,
I have a question about security headers, because the following are missing:

• X-XSS-Protection
• X-Content-Type-Options
• Strict-Transport-Security

Can you provide some information about implementation in the future, or do you have other possibilities to prevent, for example, an XSS attack?
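To make the question above concrete, here is a small audit script (an added example, not code from Mattermost or from the original post) that parses a raw HTTP response and reports on exactly the three headers named: it flags a missing `X-Content-Type-Options: nosniff`, a missing or short-lived `Strict-Transport-Security`, and notes that `X-XSS-Protection` is a legacy header that current browsers ignore, so the supported replacement to look for is `Content-Security-Policy`. The two responses, the request ID, the `default-src 'self'` policy and the one-year HSTS threshold are constructed assumptions for the demonstration, not values observed from any server.

```python
"""Audit an HTTP/1.x response for the security headers discussed in the thread.

Added example; not Mattermost code. The sample responses below are constructed.
"""
import re
from typing import Dict, List, Tuple

# Minimum HSTS max-age we accept: one year, the commonly recommended value.
MIN_HSTS_MAX_AGE = 31536000

# Constructed sample (not a capture from Mattermost): two of the three headers
# from the post are absent and the HSTS value that is present is too short.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: application/json\r\n"
    "X-Request-Id: 3f9c2c1e\r\n"  # hypothetical request id
    "Strict-Transport-Security: max-age=300\r\n"
    "\r\n"
    '{"status":"OK"}'
)

# Constructed hardened variant for comparison. The CSP is a placeholder policy;
# a real deployment needs one tuned to the application's assets.
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: application/json\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "Content-Security-Policy: default-src 'self'\r\n"
    "X-XSS-Protection: 0\r\n"
    "\r\n"
    '{"status":"OK"}'
)

Finding = Tuple[str, str]  # (header name, description of the problem)


def parse_response_headers(raw: str) -> Dict[str, str]:
    """Split a raw HTTP/1.x response into a header map.

    Header names are lower-cased (HTTP header names are case-insensitive);
    the status line and the body are discarded.
    """
    head, _sep, _body = raw.partition("\r\n\r\n")
    headers: Dict[str, str] = {}
    for line in head.split("\r\n")[1:]:  # element 0 is the status line
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    return headers


def audit_security_headers(headers: Dict[str, str]) -> List[Finding]:
    """Return one finding per header that is missing or weakly configured."""
    findings: List[Finding] = []
    h = {k.lower(): v for k, v in headers.items()}

    # X-Content-Type-Options: 'nosniff' is the only value browsers act on.
    xcto = h.get("x-content-type-options")
    if xcto is None:
        findings.append(("X-Content-Type-Options", "missing; send 'nosniff'"))
    elif xcto.lower() != "nosniff":
        findings.append(("X-Content-Type-Options",
                         f"unexpected value {xcto!r}; only 'nosniff' is honoured"))

    # Strict-Transport-Security: requires max-age; browsers only honour it on
    # responses received over HTTPS, and a short max-age gives little protection.
    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append(("Strict-Transport-Security",
                         "missing (only effective on HTTPS responses)"))
    else:
        m = re.search(r"max-age\s*=\s*(\d+)", hsts, re.IGNORECASE)
        if m is None:
            findings.append(("Strict-Transport-Security",
                             "no max-age directive; header is invalid"))
        elif int(m.group(1)) < MIN_HSTS_MAX_AGE:
            findings.append(("Strict-Transport-Security",
                             f"max-age={m.group(1)} is below {MIN_HSTS_MAX_AGE}"))

    # X-XSS-Protection controlled a legacy browser filter that current browsers
    # no longer implement; the usual guidance is to send '0' (or omit it) and
    # rely on Content-Security-Policy for XSS mitigation.
    xxp = h.get("x-xss-protection")
    if xxp is not None and xxp.strip() != "0":
        findings.append(("X-XSS-Protection",
                         f"value {xxp!r} enables the legacy filter; send '0' and rely on CSP"))
    if "content-security-policy" not in h:
        findings.append(("Content-Security-Policy",
                         "missing; this is the supported replacement for X-XSS-Protection"))
    return findings


def audit_raw_response(raw: str) -> List[Finding]:
    """Convenience wrapper: parse then audit a raw response string."""
    return audit_security_headers(parse_response_headers(raw))


if __name__ == "__main__":
    for label, raw in (("sample", SAMPLE_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(f"== {label}")
        for header, problem in audit_raw_response(raw) or [("-", "no findings")]:
            print(f"  {header}: {problem}")
```

To run it against a real deployment, replace `SAMPLE_RESPONSE` with the output of `curl -si https://your-server/api/v4/system/ping` (or any other endpoint) and make sure the request goes over HTTPS, since HSTS is ignored on plain HTTP. In practice these headers are usually added once at the reverse proxy in front of the application server rather than in the application itself.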

What server version are you on and do you have any additional details on reproduction steps?

When the headers were "tested" we were using 5.13. Currently we use 5.23.1; I didn't check the headers on that version.
The reproduction steps are, I think, an API request with the headers in the details :wink: