Secure HTTP Headers

From UVOO Tech Wiki
Jump to navigation Jump to search

{code} 

    HTTP::respond 301 Location "https://exampe.com[HTTP::uri]" \
     Strict-Transport-Security "max-age=31536000" \
     Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self'; font-src 'self'; img-src 'self'; frame-src 'self'; upgrade-insecure-requests" \
     Referrer-Policy "strict-origin" \
     X-Frame-Options "DENY" \
     Permissions-Policy "geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()" \
     X-Content-Type-Options "nosniff"

{code} - https://github.com/w3c/webappsec-permissions-policy/blob/main/features.md - https://webdock.io/en/docs/how-guides/security-guides/how-to-configure-security-headers-in-nginx-and-apache

Retrieved from "https://tech.uvoo.io/index.php?title=Secure_HTTP_Headers&oldid=2806"