[SecurityCenter] Set additional security headers

* Set `X-Content-Type-Options` by default to `nosniff`.
* Set `X-XSS-Protection` by default to `1; mode=block` instead of `1`.
* Set `Content-Security-Policy` to a restrictive value (depends on #3711).
* Make all configurable similar as `X-Frame-Options` (see [ClickjackProtectionListener](https://github.com/zikula/core/blob/main/src/Zikula/Bundle/CoreBundle/EventListener/ClickjackProtectionListener.php#L57)).
* https://content-security-policy.com/
* https://dev.to/jszutkowski/applying-content-security-policy-in-symfony-to-reduce-xss-risks-5a4l

Refs #3646


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[SecurityCenter] Set additional security headers #3712

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[SecurityCenter] Set additional security headers #3712

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions