Marketo was recently updated to support setting HTTP headers for landing pages, including setting HSTS. This is great! However, additional standard security headers should be set for Marketo Landing Pages; this is onerous to do and requires proxy work outside of the platform. Would it be possible to add support for the following header items:
x-content-type-options
referrer-policy
x-frame-options
content-security-policy
permissions-policy
Additionally, the following three headers are upcoming and should have future support:
cross-origin-embedder-policy
cross-origin-opener-policy
cross-origin-resource-policy
This helps harden security for Marketo landing pages and may be required for infosec reasons.
... View more