On 14 Sep 2018, at 18:54, Agniva De Sarker ***@***.***> wrote:
I'd like to have X-Frame-Options and CSP on all the responses, but some are generated by the stdlib. As I understand, they are 400 Bad Request and 431 Request Header Fields Too Large. But I may have missed some others. At least, it is easy to trigger the 400 Bad Request with a GET /% from an iframe.
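
An added example, not part of the original message: assuming the stdlib in question is Go's net/http (the message does not name it), this loopback check shows that headers set in a handler wrapper are missing from the server-generated 400 for GET /%. The names withSecurityHeaders, probe and demo are hypothetical.

```go
package main

import (
	"bufio"
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
)

// withSecurityHeaders (hypothetical name) sets the framing headers in a handler wrapper.
func withSecurityHeaders(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("X-Frame-Options", "DENY")
		w.Header().Set("Content-Security-Policy", "frame-ancestors 'none'")
		next.ServeHTTP(w, r)
	})
}

// probe writes a raw GET for target to addr (a normal client would reject "/%"
// before sending) and returns the status code and X-Frame-Options value.
func probe(addr, target string) (int, string, error) {
	conn, err := net.Dial("tcp", addr)
	if err != nil {
		return 0, "", err
	}
	defer conn.Close()
	fmt.Fprintf(conn, "GET %s HTTP/1.1\r\nHost: localhost\r\nConnection: close\r\n\r\n", target)
	resp, err := http.ReadResponse(bufio.NewReader(conn), nil)
	if err != nil {
		return 0, "", err
	}
	defer resp.Body.Close()
	return resp.StatusCode, resp.Header.Get("X-Frame-Options"), nil
}

// demo starts a loopback test server and compares a handled request with "/%".
func demo() (okXFO string, badStatus int, badXFO string, err error) {
	srv := httptest.NewServer(withSecurityHeaders(http.HandlerFunc(
		func(w http.ResponseWriter, r *http.Request) { fmt.Fprintln(w, "ok") })))
	defer srv.Close()
	addr := srv.Listener.Addr().String()
	if _, okXFO, err = probe(addr, "/"); err != nil {
		return
	}
	badStatus, badXFO, err = probe(addr, "/%")
	return
}

func main() { fmt.Println(demo()) }
```

The request line fails URL parsing before any handler runs, so the wrapper never sees it; a reverse proxy that adds the headers to every response is one place where such replies can still be covered.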