
Content Security Headers

Article 145 in Linux

2021-10-17 04:21:30 from bugfish
Last Review on: 2022-05-23 11:04:19

HTTP Strict Transport Security (HSTS)

Apache:
Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

Nginx:
add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';

Content Security Policy (CSP)

Apache:
Header always set Content-Security-Policy "default-src 'self'; font-src *; img-src * data:; script-src *; style-src *;"

Nginx:
add_header Content-Security-Policy "default-src 'self'; font-src *; img-src * data:; script-src *; style-src *";

X-XSS-Protection

Apache:
Header set X-XSS-Protection "1; mode=block"

Nginx:
add_header X-XSS-Protection "1; mode=block";

X-Frame-Options

Apache:
Header always set X-Frame-Options "SAMEORIGIN"

Nginx:
add_header X-Frame-Options "SAMEORIGIN";

X-Content-Type-Options

Apache:
Header always set X-Content-Type-Options "nosniff"

Nginx:
add_header X-Content-Type-Options nosniff;

Referrer Policy

Apache:
Header always set Referrer-Policy "strict-origin"

Nginx:
add_header Referrer-Policy "strict-origin";

Permissions Policy

Apache:
Header always set Permissions-Policy "geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()"

Nginx:
add_header Permissions-Policy "geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()";
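
Checking the result: the following is an added example, not part of the original article. It audits a raw response header block (such as the output of `curl -sI`) against the HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy and Permissions-Policy settings listed above. The function names, finding strings and the sample response are assumptions made for illustration.

```python
import re

CHECKED = ("strict-transport-security", "content-security-policy", "x-frame-options",
           "x-content-type-options", "referrer-policy", "permissions-policy")

def parse_headers(raw):
    """Raw header block (e.g. `curl -sI` output) -> {lowercase name: value}."""
    headers = {}
    for line in raw.splitlines():
        name, sep, value = line.partition(":")
        if sep:  # status line and blank lines carry no colon
            headers[name.strip().lower()] = value.strip()
    return headers

def csp_directives(policy):
    """CSP string -> {directive: [sources]}; first occurrence of a directive wins."""
    out = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            out.setdefault(tokens[0].lower(), tokens[1:])
    return out

def audit(raw):
    h = parse_headers(raw)
    findings = [f"missing: {n}" for n in CHECKED if n not in h]
    hsts = h.get("strict-transport-security")
    if hsts is not None:
        m = re.search(r"max-age=(\d+)", hsts, re.I)
        if not m or int(m.group(1)) < 31536000:
            findings.append("hsts: max-age below 31536000")
        if "includesubdomains" not in hsts.lower():
            findings.append("hsts: includeSubDomains not set")
    if "content-security-policy" in h:
        csp = csp_directives(h["content-security-policy"])
        # script-src falls back to default-src when absent
        if "*" in csp.get("script-src", csp.get("default-src", [])):
            findings.append("csp: script-src permits any origin (*)")
    return findings

# Constructed sample response (not captured from a real server), using this page's values.
PAGE_CONFIG = """HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Security-Policy: default-src 'self'; font-src *;img-src * data:; script-src *; style-src *
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin
Permissions-Policy: geolocation=(),microphone=(),camera=()
"""
```

Running `audit(PAGE_CONFIG)` reports one finding: the `script-src *` source in the policy above lets scripts load from any origin, so listing the specific script hosts the site needs gives a tighter policy.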

I do not guarantee the reliability of the information given here, the code described on this page is executed at your own risk and in the event of damage or other unforeseeable consequences I am in no way responsible or liable.