漏洞修复
====================

域名访问限制不严格
----------------------------

X-Frame-Options头未设置
----------------------------

HTTP X-Content-Type-Options头缺失
---------------------------------------

HTTP X-Download-Options头缺失
---------------------------------------

HTTP X-Permitted-Cross-Domain-Policies头缺失
---------------------------------------------------

HTTP Referrer-Policy头缺失
---------------------------------------

服务器版本信息泄露
---------------------------------------