Security of web edition

I'm doing some pen testing against WE (standalone) and got some results. Would like some feedback.

WE standalone Vulnerability assessment using some pen testing tools.

X-Frame-Options header is not included in the HTTP response to protect against ‘ClickJacking’ attacks.
The cache-control and pragma HTTP headers have not been set properly or are missing, allowing the browser and proxies to cache content.
Web Browser XSS Protection is not enabled, or is disabled by the configuration of the ‘X-XSS-Protection’ HTTP response header on the web server.

Seems to be only these three items. Clickjacking seems to be the highest priority. Is there a way we can protect against these?

Dave
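
The three findings above can be re-checked after any fix with a small header audit. This is an added example, not part of the original post and not Xojo code; the function names and both sample responses are constructed for illustration.

```python
# Added example: audit one HTTP response head for the three reported findings.

# Constructed sample responses (not captured from a real Web Edition app).
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Cache-Control: max-age=3600\r\n"
    "X-XSS-Protection: 0\r\n"
    "\r\n"
)
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "Cache-Control: no-store, no-cache\r\n"
    "Pragma: no-cache\r\n"
    "X-XSS-Protection: 1; mode=block\r\n"
    "\r\n"
)

def parse_headers(raw):
    """Return {lowercased-name: value} from a raw HTTP response head."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def audit(raw):
    """Return a sorted list of finding ids for one response."""
    h = parse_headers(raw)
    findings = []
    # Clickjacking: X-Frame-Options DENY/SAMEORIGIN, or CSP frame-ancestors.
    xfo = h.get("x-frame-options", "").upper()
    csp = h.get("content-security-policy", "").lower()
    if xfo not in ("DENY", "SAMEORIGIN") and "frame-ancestors" not in csp:
        findings.append("clickjacking")
    # Caching: require no-store so browsers and proxies keep no copy
    # (Pragma: no-cache only matters to legacy HTTP/1.0 caches).
    directives = {d.strip().lower() for d in h.get("cache-control", "").split(",")}
    if "no-store" not in directives:
        findings.append("cacheable")
    # XSS filter header: absent, or explicitly disabled with a leading 0.
    xss = h.get("x-xss-protection", "")
    if not xss or xss.startswith("0"):
        findings.append("xss-filter-off")
    return sorted(findings)

if __name__ == "__main__":
    print(audit(SAMPLE_RESPONSE), audit(HARDENED_RESPONSE))
```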

Sounds like an FR is in order :)

Feature Request, you file in the Feedback app.

BUT, I am not too sure it is not already implemented. See http://documentation.xojo.com/index.php/WebApplication.Security

Or am I confused?