Hello,
My client has hired a 3rd party to do a security audit on their site, and came back with the following issue:
“Web Application Headers: HTML Security Issues. No Security Headers are set”
I have never run into this before, can anyone please advise what I can do to remedy this?
This is not an easy thing to do … I have put it together reasonably well with the help of this website: https://securityheaders.com
Hi, you could visit owasp.org for informations (lot of docs). Securityheader is a matter for the webserver, for example http connection without « s » isn’t allowed 
. Of course it’s possible to add html code in our site html header but we have to know the configuration of the webserver. I think it’s OUR problem when WE manage our own server. Maybe I’m wrong… I’m agree with @Kunstmaler it’s not an easy task.