I’m writing an app that uses Angular 7 on the client-side instead of Blaze. I ran a scan using OWASP ZAP to scan for vulnerabilities and I got the following warnings:
Web Browser XSS Protection Not Enabled (Low risk)
X-Frame-Options Header Not Set (Medium risk)
X-Content-Type-Options Header Missing (Low risk)
Since Meteor handles all http responses, how can i get rid of these warnings? From my understanding the browser-policy package provides security on the client-side. Should i be using the package anyway even though angular implements its own security on the client-side?
Any help or suggestions is appreciated.