Difference between revisions of "Secure HTTP Headers"

Latest revision as of 01:13, 3 March 2022

{code}

    HTTP::respond 301 Location "https://exampe.com[HTTP::uri]" \
     Strict-Transport-Security "max-age=31536000" \
     Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self'; font-src 'self'; img-src 'self'; frame-src 'self'; upgrade-insecure-requests" \
     Referrer-Policy "strict-origin" \
     X-Frame-Options "DENY" \
     Permissions-Policy "geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()" \
     X-Content-Type-Options "nosniff"

{code} - https://github.com/w3c/webappsec-permissions-policy/blob/main/features.md - https://webdock.io/en/docs/how-guides/security-guides/how-to-configure-security-headers-in-nginx-and-apache

Difference between revisions of "Secure HTTP Headers"

Latest revision as of 01:13, 3 March 2022

Navigation menu

Search

@@ Line 8: / Line 8: @@
        X-Content-Type-Options "nosniff"
 {code}
+- https://github.com/w3c/webappsec-permissions-policy/blob/main/features.md
+- https://webdock.io/en/docs/how-guides/security-guides/how-to-configure-security-headers-in-nginx-and-apache