W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2016

Re: New Version Notification for draft-nottingham-site-wide-headers-01.txt

From: Martin Thomson <martin.thomson@gmail.com>
Date: Fri, 25 Nov 2016 11:36:20 +1100
Message-ID: <CABkgnnXkKrkcZWa7X5t4wdp=ngPcZ1kOBBULtcW-z+Vyghnwzw@mail.gmail.com>
To: Jim Manico <jim@manicode.com>
Cc: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>, Mike West <mkwst@google.com>, "Emily Stark (Dunn)" <estark@google.com>
On 24 November 2016 at 16:22, Jim Manico <jim@manicode.com> wrote:
> I think a blacklist for security headers has great potential harm. As a developer, I need to know explicitly what security headers are being delivered or someday a UA will start activating headers that I have not tested, am not aware of, and suddenly my site is broken because of a UA update.


I don't see how that concern is relevant in this context.
Received on Friday, 25 November 2016 00:36:53 UTC

This archive was generated by hypermail 2.3.1 : Friday, 25 November 2016 00:36:55 UTC