having to add half a dozen fixed headers to my https web site to make it "secure" is such a web failure
I mean, it won't remove the underlying complexity but will make it feasible to set security headers per origin.
But sorry, I don't think we'll get to "X-Security: YES; mode=superextrasecureplz" anytime soon.
And what we really want is "X-Security: noPolicy; multiTrust; weakIntegrity; allowFraming;" I.e. safe defaults.
If you can trigger arch changes in app X, maybe. Otherwise we'll be trading one mess for another.