Web security checklist
- Security - HTTP Strict-Transport-Security header missing. Our buddy explains it well here: http://gutocarvalho.net/octopress/2012/11/29/entendendo-o-hsts/
- X-Content-Type-Options: https://kb.sucuri.net/warnings/hardening/headers-x-content-type
- Content-Security-Policy: http://blog.caelum.com.br/content-security-policy-uma-arma-eficaz-contra-ataques-xss/
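An added example (not code from this page or from the linked articles) that turns the three checklist items into a small checker. It takes a plain dict of response headers so it runs offline; the one-year `max-age` threshold for HSTS and the CSP rules it flags (`'unsafe-inline'` or `*` in `script-src`, no `default-src` fallback) are this example's own choices, and the two sample header sets at the bottom are constructed, not captured from any real site.

```python
"""Check a response's headers against the three items on this checklist:
Strict-Transport-Security, X-Content-Type-Options and Content-Security-Policy.
Added example; thresholds and sample headers are assumptions, not from the page."""


def _get(headers, name):
    """Case-insensitive header lookup; returns None when the header is absent."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def check_hsts(headers):
    """Findings for Strict-Transport-Security; an empty list means the item passes."""
    value = _get(headers, "Strict-Transport-Security")
    if value is None:
        return ["HSTS header missing"]
    findings = []
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if part:
            name, _, val = part.partition("=")
            directives[name.strip().lower()] = val.strip().strip('"')
    max_age = directives.get("max-age")
    if max_age is None or not max_age.isdigit():
        findings.append("HSTS max-age missing or not numeric")
    elif int(max_age) < 31536000:  # one year, a common recommendation (assumed threshold)
        findings.append("HSTS max-age below one year")
    if "includesubdomains" not in directives:
        findings.append("HSTS does not include subdomains")
    return findings


def check_content_type_options(headers):
    """The only meaningful value is 'nosniff'; anything else leaves MIME sniffing on."""
    value = _get(headers, "X-Content-Type-Options")
    if value is None:
        return ["X-Content-Type-Options header missing"]
    if value.strip().lower() != "nosniff":
        return [f"X-Content-Type-Options has unexpected value {value!r}"]
    return []


def check_csp(headers):
    """Parse the policy into {directive: [sources]} and flag the settings that defeat its XSS protection."""
    value = _get(headers, "Content-Security-Policy")
    if value is None:
        return ["Content-Security-Policy header missing"]
    findings = []
    policy = {}
    for directive in value.split(";"):
        tokens = directive.strip().split()
        if tokens:
            policy[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    if "default-src" not in policy:
        findings.append("CSP has no default-src fallback")
    # script-src falls back to default-src when it is not set explicitly
    script_src = policy.get("script-src", policy.get("default-src", []))
    if "'unsafe-inline'" in script_src:
        findings.append("CSP allows inline scripts ('unsafe-inline' in script-src)")
    if "*" in script_src:
        findings.append("CSP script-src allows any origin (*)")
    return findings


def check_security_headers(headers):
    """Run all three checklist items; returns {item: [findings]}, empty lists meaning pass."""
    return {
        "hsts": check_hsts(headers),
        "x-content-type-options": check_content_type_options(headers),
        "csp": check_csp(headers),
    }


# Constructed sample responses (not captured from any real site).
WEAK_HEADERS = {
    "Content-Type": "text/html",
    "X-Content-Type-Options": "nosniff",
    "Content-Security-Policy": "script-src 'self' 'unsafe-inline'",
}
HARDENED_HEADERS = {
    "Content-Type": "text/html",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "X-Content-Type-Options": "nosniff",
    "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'",
}

if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK_HEADERS), ("hardened", HARDENED_HEADERS)):
        print(label, check_security_headers(hdrs))
```

To use it against a live response, pass the response's header mapping (for example `dict(resp.headers)` from any HTTP client) to `check_security_headers`; the weak sample reports the missing HSTS header and the CSP that still permits inline scripts, while the hardened sample passes every item.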