In my first blog post I covered a workaround you can apply
immediately on your sites and applications to prevent attackers from exploiting
it. Today, we are revising it to include an additional defensive measure.
This additional step can be done at a server-wide level, and
should take less than 5 minutes to implement. Importantly, this step does
not replace the other steps in the original workaround, rather it should be
done in addition to the steps already in it. Below are instructions on
how to enable it.