#158 — Add force-security-in-browser headers

Repo: Twill-AI/facade | State: closed | Status: done | Assignee: Unassigned

Created: 2024-10-23 · Updated: 2025-03-24

Description

Caused by https://twillpayments.atlassian.net/wiki/spaces/TD/pages/153092112/Evaluation+of+Security+Aspects

To protect against CSRF attacks, CSP headers need to be added. To protect against MitM attacks, the HSTS “Strict-Transport-Security” header needs to be added.

AC:

  • Facade provides CSP, HSTS headers
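
One way to check the acceptance criterion against a response's headers, added here as an example and not code from the facade repository. The one-year `max-age` floor, the `includeSubDomains` requirement, the `'unsafe-inline'` check, and the sample headers are assumptions.

```python
# Added example: audit response headers for HSTS and CSP (thresholds are assumptions).
MIN_HSTS_MAX_AGE = 31536000  # assumed policy floor: one year, in seconds
SAMPLE = {"Strict-Transport-Security": "max-age=300", "Content-Security-Policy": "default-src 'self'"}  # constructed

def parse_hsts(value):
    """Parse Strict-Transport-Security into {directive: value}; flag directives map to ''."""
    directives = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        if name.strip():
            directives.setdefault(name.strip().lower(), arg.strip().strip('"'))
    return directives

def parse_csp(value):
    """Parse Content-Security-Policy into {directive: [source expressions]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            # When a directive is repeated, browsers use its first occurrence.
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def audit_headers(headers):
    """Return a list of findings; an empty list means both headers pass the checks."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    findings = []
    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("HSTS header missing")
    else:
        directives = parse_hsts(hsts)
        max_age = directives.get("max-age", "")
        if not max_age.isdecimal():
            findings.append("HSTS max-age missing or invalid")
        elif int(max_age) < MIN_HSTS_MAX_AGE:
            findings.append("HSTS max-age below assumed minimum")
        if "includesubdomains" not in directives:
            findings.append("HSTS lacks includeSubDomains")
    csp = h.get("content-security-policy")
    if csp is None:
        findings.append("CSP header missing")
    else:
        policy = parse_csp(csp)
        if "default-src" not in policy:
            findings.append("CSP has no default-src fallback")
        scripts = policy.get("script-src", policy.get("default-src", []))
        if "'unsafe-inline'" in scripts:
            findings.append("CSP allows 'unsafe-inline' scripts")
    return findings
```

Browsers honor `Strict-Transport-Security` only when it arrives over HTTPS, so run the audit against the TLS endpoint's responses.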
