Rails core - Aug 2011 - Default Security Headers

I was reading an article on Google+ I found through Hackernews:
http://www.barracudalabs.com/wordpress/index.php/2011/07/21/google-gets-a-1-for-browser-security-3/

I was wondering if these headers should be turned on by default in
Rails?

As far as I know, some of them can be sent by default, while others
can only be sent when force_ssl is on.

-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Core" group.
To post to this group, send email to rubyonrails-core@googlegroups.com.
To unsubscribe from this group, send email to
rubyonrails-core+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/rubyonrails-core?hl=en.

On Mon, Aug 22, 2011 at 04:25:22AM -0700, iain wrote:
> I was reading an article on Google+ I found through Hackernews:
>
http://www.barracudalabs.com/wordpress/index.php/2011/07/21/google-gets-a-1-for-browser-security-3/
> 
> I was wondering if these headers should be turned on by default in
> Rails?
I think adding the X Headers by default would be fine.  I don''t think
we
should muck with the cookie one though.

-- 
Aaron Patterson
http://tenderlovemaking.com/