Description
At the moment the following security headers are statically set by SyncopeConsoleApplication:
response.setHeader("X-XSS-Protection", "1; mode=block"); response.setHeader("X-Content-Type-Options", "nosniff"); response.setHeader("X-Frame-Options", "sameorigin");
Improve this by changing the code above to read security headers from console.properties.