Difference between revisions of "Secure HTTP Headers"
Jump to navigation
Jump to search
(Created page with "{code} HTTP::respond 301 Location "https://exampe.com[HTTP::uri]" \ Strict-Transport-Security "max-age=31536000" \ Content-Security-Policy "default-src 'self...") |
|||
Line 8: | Line 8: | ||
X-Content-Type-Options "nosniff" | X-Content-Type-Options "nosniff" | ||
{code} | {code} | ||
+ | - https://github.com/w3c/webappsec-permissions-policy/blob/main/features.md | ||
+ | - https://webdock.io/en/docs/how-guides/security-guides/how-to-configure-security-headers-in-nginx-and-apache |
Latest revision as of 01:13, 3 March 2022
{code}
HTTP::respond 301 Location "https://exampe.com[HTTP::uri]" \ Strict-Transport-Security "max-age=31536000" \ Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self'; font-src 'self'; img-src 'self'; frame-src 'self'; upgrade-insecure-requests" \ Referrer-Policy "strict-origin" \ X-Frame-Options "DENY" \ Permissions-Policy "geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()" \ X-Content-Type-Options "nosniff"
{code} - https://github.com/w3c/webappsec-permissions-policy/blob/main/features.md - https://webdock.io/en/docs/how-guides/security-guides/how-to-configure-security-headers-in-nginx-and-apache