- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Fri, 25 Nov 2016 11:36:20 +1100
- To: Jim Manico <jim@manicode.com>
- Cc: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>, Mike West <mkwst@google.com>, "Emily Stark (Dunn)" <estark@google.com>
On 24 November 2016 at 16:22, Jim Manico <jim@manicode.com> wrote: > I think a blacklist for security headers has great potential harm. As a developer, I need to know explicitly what security headers are being delivered or someday a UA will start activating headers that I have not tested, am not aware of, and suddenly my site is broken because of a UA update. I don't see how that concern is relevant in this context.
Received on Friday, 25 November 2016 00:36:53 UTC