Hacker News new | past | comments | ask | show | jobs | submit login

Sites like https://observatory.mozilla.org can tell you if your site is vulnerable to these sorts of attacks. I end up setting the correct headers and the warnings go away. I have never actually tried to simulate an attack on my own domain though.

One thing that is bugging me though.. let’s say I am setting up a nextcloud instance behind a reverse proxy. The way I have been doing it I have had to manually set the right headers in my nginx conf. But this doesn’t seem right. Nextcloud already has these headers... I think. Is there someway of telling nginx to pass along the backend’s headers?

A lot of web applications should already have these issues figured out.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact