content type header specifying a safe character set
(e.g., \emph{UTF-8}, \emph{ISO 8859{-}1}).
\begin{result}
- Content type headers may be set anywhere in the application. Furthermure,
+ Content type headers may be set anywhere in the application. Furthermure,\\
\code{Response::send} ensures that if no content type header is set, all
responses will fall back to using \code{text/html; charset=UTF-8}.
\end{result}
\begin{result}
The application will never supply an \code{X-FRAME-OPTIONS} header. While
this is not really a problem for the home page, a 3rd party X-Frame should
- not be able to refer to the administrative interfaces of the application.
+ not be able to refer to the administrative interfaces of the application
+ and this should be fixed.
\end{result}
\item\pass{}
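Review bot: The replaced line in the first result block still carries the typo "Furthermure" (should be "Furthermore"), so the only effect of the change is a hard \\ line break forced mid-sentence, directly before \code{Response::send}. Fix the spelling in the same edit, and if the break is there to avoid an overfull line, rephrase the sentence or let LaTeX choose the break instead of hard-coding it. In the second result block, the added "and this should be fixed" names no remediation, and "a 3rd party X-Frame" reads as if X-Frame were the framing page. Suggest "a third-party frame", and state which header value the administrative interfaces should send (for example DENY or SAMEORIGIN) so the finding is actionable.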