Missing cross-origin-resource-policy (CORP) #1251
Open
Description
Cross-Origin Resource Policy (CORP) is a security feature that instructs browsers not to render a static resource, such as a JavaScript file, when it is embedded in a webpage on an untrusted origin. This control protects against cross-site script inclusion attacks, as well as side-channel attacks like Spectre.

Recommendation:

For any static resources that are not intended to be embedded or loaded by webpages hosted on different origins, add the response header Cross-Origin-Resource-Policy: same-origin. For any resources intended for use on other subdomains of mobiledgex.net, add the response header Cross-Origin-Resource-Policy: same-site.