    Adding some HTTP headers for security (Bug 1531987) · ef64adaa
    Aaron Wells authored and Robert Lyon committed
    X-XSS-Protection: Tells the browser not to disable XSS protection
    
    X-Content-Type-Options: Tells the browser not to try to guess at
    mimetypes of downloads
    
    X-Permitted-Cross-Domain-Policies: Tells Flash & PDF not to trust
    alternate crossdomain.xml files (which set the permissions on whether
    this site allows itself to be accessed by scripts in Flash & PDF).
    Prevents an attacker from uploading a more permissive crossdomain.xml
    
    X-Powered-By: PHP by default sends this header with the current full
    PHP version.
    
    behatnotneeded: Selenium can't examine HTTP response headers
    
    Change-Id: Ia2a6de971fc62b7d8806ad010aa0fbe37c1a7357
    (cherry picked from commit 29656f03)
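
The commit message notes that Selenium cannot examine HTTP response headers, so a check outside the browser test suite is one way to verify them. The following is an added example, not code from this commit or the project; the expected values (`X-XSS-Protection` starting with `1`, `nosniff`, `none` or `master-only`, and no `X-Powered-By` at all) and both sample responses are assumptions constructed for illustration.

```python
# Added example: audit one raw HTTP response for the four headers named in the
# commit message. Expected values are assumptions; the message does not state them.

SAMPLE_HARDENED = (  # constructed sample response with the headers set
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "X-XSS-Protection: 1; mode=block\r\n"
    "x-content-type-options: nosniff\r\n"
    "X-Permitted-Cross-Domain-Policies: master-only\r\n"
    "\r\n<html></html>"
)
SAMPLE_DEFAULT = (  # constructed sample: no hardening, placeholder PHP version
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "X-Powered-By: PHP/0.0.0\r\n"
    "\r\n<html></html>"
)

def parse_headers(raw):
    """Return {lowercased name: [values]} from the header part of a raw response."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def audit(raw):
    """Return a list of findings; an empty list means all four checks pass."""
    h = parse_headers(raw)
    findings = []
    xss = h.get("x-xss-protection", [])
    if len(xss) != 1 or not xss[0].startswith("1"):
        findings.append("x-xss-protection: missing, duplicated, or disabled")
    if [v.lower() for v in h.get("x-content-type-options", [])] != ["nosniff"]:
        findings.append("x-content-type-options: expected a single 'nosniff'")
    pol = [v.lower() for v in h.get("x-permitted-cross-domain-policies", [])]
    if len(pol) != 1 or pol[0] not in ("none", "master-only"):
        findings.append("x-permitted-cross-domain-policies: alternate files allowed")
    if "x-powered-by" in h:  # assumption: the header should not be sent at all
        findings.append("x-powered-by: present (%s)" % ", ".join(h["x-powered-by"]))
    return findings

if __name__ == "__main__":
    for label, raw in (("hardened", SAMPLE_HARDENED), ("default", SAMPLE_DEFAULT)):
        print(label, audit(raw) or "OK")
```
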