Missing HTTP security headers

[1mgtheboss]

Describe the bug
There are missing http security headers on, https://challenges.topcoder-dev.com .

To Reproduce / Actual Behavior
Steps to reproduce the behavior:

1. Go to 'https://challenges.topcoder-dev.com'.
2. The page has missing http security headers, X-Frame-Options, X-XSS-Protection, Strict-Transport-Security, & X-Content-Type-Options.

Expected behavior
The page should not have missing http security headers.

Screenshots
Not applicable

Desktop:

• OS: Windows 7 professional 32 bit
• Browser: Google chrome version 81.0.4044.138 (official build) (32-bit)

Additional context
The vulnerability has been found through pentest-tools.com website vulnerability scanner.

[jmgasper]

@rootelement - We should probably fix this, but wanted to check if there are strict Topcoder platform requirements here.

[rootelement]

There's no standard. Use your best judgement please.