Leaderboard

Hayri, will this change later be incorporated into the unigui source or is it something I'll need to do every time? It's not a complaint, but just to know and already leave a note for when you change the version of UniGui.

I decided to open this post because for the first time I am making an application that will need a higher level of security, and after reading the post http://forums.unigui.com/index.php?/topic/16334-can-we-apply -some-protection-against-different-attacks/#comment-89591 I found it necessary to research a little more on the topic. I found a tool that does basic testing for free and I submitted my site and would like other more experienced users or even the support team to comment or give security tips. The tool used was: https://pentest-tools.com/website-vulnerability-scanning/website-scanner Attached report of the results. If you have tips on other tools, I would also appreciate it. At some point I plan to take up a paid subscription to have access to a full scanner. PentestTools-WebsiteScanner-report - public.pdf

And you can also add custom headers like the below code: procedure TUniServerModule.UniGUIServerModuleHTTPCommand( ARequestInfo: TIdHTTPRequestInfo; AResponseInfo: TIdHTTPResponseInfo; var Handled: Boolean); begin AResponseInfo.CustomHeaders.AddValue('X-Content-Type-Options', 'nosniff'); AResponseInfo.CustomHeaders.AddValue('X-Frame-Options', 'SAMEORIGIN'); AResponseInfo.CustomHeaders.AddValue('X-XSS-Protection', '1; mode=block'); end;

Thankss, at now moment it's working!