1. 5
  1. 3

    IMHO the article is a bit too self-centered on his security header rating without going deep enough into attacks that do not require scripts.

    That may certainly be my bias, as I enjoyed stuff like https://lcamtuf.coredump.cx/postxss/ (2011) and https://www.slideshare.net/x00mario/stealing-the-pie (2012) when they came out.