Important: #100032 - Add HTTP security headers for backend by default
See forge#100032
Description
The following HTTP security headers are now added by default for the TYPO3 backend:
Strict-Transport-Security: max-age=31536000 (only if $GLOBALS['TYPO3_CONF_VARS']['BE']['lockSSL'] is active)
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
The default HTTP security headers are configured globally in $GLOBALS and include a unique array key, so it is possible to individually unset/remove unwanted headers.
Important
TYPO3 websites that already use custom HTTP headers for the TYPO3 backend must ensure that individual HTTP security headers are not sent multiple times.
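
One way to check a backend response for the situation in the note above, as an added example that is not part of the TYPO3 changelog or code base. It compares the header block of one response (for instance the output of `curl -sI` against the backend URL) with the three defaults listed on this page; the function name, the finding strings and the sample response are assumptions made for illustration.

```python
from collections import defaultdict

# Default values as listed on this page (header name lowercased -> value).
BACKEND_DEFAULTS = {
    "strict-transport-security": "max-age=31536000",
    "x-content-type-options": "nosniff",
    "referrer-policy": "strict-origin-when-cross-origin",
}


def audit_security_headers(raw_headers, lock_ssl=True):
    """Return {header: finding} for the three backend defaults.

    raw_headers: header block of one HTTP response, status line first.
    lock_ssl: whether lockSSL is active; HSTS is only expected if it is.
    """
    seen = defaultdict(list)
    for line in raw_headers.splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # a blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            seen[name.strip().lower()].append(value.strip())

    findings = {}
    for name, expected in BACKEND_DEFAULTS.items():
        values = seen.get(name, [])
        if not values:
            hsts_optional = name == "strict-transport-security" and not lock_ssl
            findings[name] = "ok (not expected)" if hsts_optional else "missing"
        elif len(values) > 1:
            # Sent more than once, e.g. by TYPO3 and by a web server rule.
            findings[name] = "duplicate: " + " | ".join(values)
        elif values[0].lower() != expected:
            findings[name] = "differs from default: " + values[0]
        else:
            findings[name] = "ok"
    return findings


# Constructed sample: nosniff is sent twice, Referrer-Policy was overridden.
SAMPLE = """HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer

"""

if __name__ == "__main__":
    for header, finding in audit_security_headers(SAMPLE).items():
        print(f"{header}: {finding}")
```

A "duplicate" finding means the header is emitted by more than one layer; remove it from one of them so it is sent only once.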