This repository has been archived by the owner on May 2, 2023. It is now read-only.
[SECURITY] - Multiple recommendations regarding web wallet security #17
Labels: priority, Good for newcomers
TLS Recommendations: No redirect from HTTP to HTTPS found. You should redirect your website visitors to the HTTPS version to avoid the "Not Secure" browser warning.
Security Headers: Missing security header for ClickJacking Protection. Alternatively, you can use Content-Security-Policy: frame-ancestors 'none'.
Missing Content-Security-Policy directive. We recommend adding the following CSP directives (you can use default-src if all values are the same): script-src, object-src, base-uri, frame-src.
Missing security header: X-XSS-Protection. The X-XSS-Protection HTTP header instructs the browser to stop loading a web page when it detects a reflected Cross-Site Scripting (XSS) attack. Lack of this header exposes application users to XSS attacks in case the web application contains such a vulnerability. We recommend setting the X-XSS-Protection header to X-XSS-Protection: 1; mode=block.
Server software and technology found. An attacker could use this information to mount specific attacks against the identified software type and version. We recommend eliminating the information that permits identification of the software platform, technology, server and operating system: HTTP server headers, HTML meta information, etc.
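As an added example (not code from this issue or the wallet project), a small Python checker that evaluates one response's status and headers against the five recommendations above; the sample responses and header values are constructed.

```python
# Added example (not from the issue or the wallet project): evaluate one HTTP
# response against the recommendations in this issue.
from typing import Dict, List

# Directives the issue asks for. script-src, object-src and frame-src fall
# back to default-src; base-uri does not, so it must always be explicit.
CSP_WITH_FALLBACK = ("script-src", "object-src", "frame-src")
FINGERPRINT_HEADERS = ("server", "x-powered-by", "x-aspnet-version")


def parse_csp(value: str) -> Dict[str, List[str]]:
    """Split a Content-Security-Policy value into {directive: [sources]}."""
    policy: Dict[str, List[str]] = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def check_response(status: int, headers: Dict[str, str], over_https: bool) -> List[str]:
    """Return the findings for one response; an empty list means all clear."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings: List[str] = []
    location = h.get("location", "")
    if not over_https and not (300 <= status < 400 and location.lower().startswith("https://")):
        findings.append("no redirect from HTTP to HTTPS")
    csp = parse_csp(h.get("content-security-policy", ""))
    if "x-frame-options" not in h and "frame-ancestors" not in csp:
        findings.append("no clickjacking protection (X-Frame-Options or CSP frame-ancestors)")
    missing = [d for d in CSP_WITH_FALLBACK if d not in csp and "default-src" not in csp]
    if "base-uri" not in csp:
        missing.append("base-uri")
    if missing:
        findings.append("CSP missing directives: " + ", ".join(missing))
    # Legacy header: current Chromium and Firefox ignore it, but the issue asks for it.
    if h.get("x-xss-protection", "").replace(" ", "").lower() != "1;mode=block":
        findings.append("X-XSS-Protection is not '1; mode=block'")
    for name in FINGERPRINT_HEADERS:
        if h.get(name):
            findings.append(f"software disclosed via {name}: {h[name]}")
    return findings


# Constructed sample responses: a weak plain-HTTP page and a hardened HTTPS one.
WEAK = (200, {"Server": "nginx/1.18.0", "Content-Type": "text/html"}, False)
HARDENED = (200, {
    "Content-Security-Policy": "default-src 'self'; base-uri 'none'; frame-ancestors 'none'",
    "X-XSS-Protection": "1; mode=block",
}, True)

if __name__ == "__main__":
    for label, args in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, check_response(*args) or ["ok"])
```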