Content Security Headers

Category: Linux
Creator: Jan-Maurice Dahlmanns
Created: 2021-10-17 04:21:30
Modified: 2024-11-16 21:06:37

Caution: I do not guarantee the reliability of the information given here. The code described on this page is executed at your own risk, and in the event of damage or other unforeseeable consequences I am in no way responsible or liable.

HTTP Strict Transport Security (HSTS)

Apache:
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

Nginx:
add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload' always;

Content Security Policy (CSP)

Apache:
Header always set Content-Security-Policy "default-src 'self'; font-src *;img-src * data:; script-src *; style-src *;"

Nginx:
add_header Content-Security-Policy "default-src 'self'; font-src *;img-src * data:; script-src *; style-src *" always;

X-XSS-Protection

Apache:
Header always set X-XSS-Protection "1; mode=block"

Nginx:
add_header X-XSS-Protection "1; mode=block" always;

X-Frame-Options

Apache:
Header always set X-Frame-Options "SAMEORIGIN"

Nginx:
add_header X-Frame-Options "SAMEORIGIN" always;

X-Content-Type-Options

Apache:
Header always set X-Content-Type-Options "nosniff"

Nginx:
add_header X-Content-Type-Options nosniff always;

Referrer Policy

Apache:
Header always set Referrer-Policy "strict-origin"

Nginx:
add_header Referrer-Policy "strict-origin" always;

Permissions Policy

Apache:
Header always set Permissions-Policy "geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()"

Nginx:
add_header Permissions-Policy "geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()" always;
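
Checking the result (an added example, not part of the original page): the script below parses a raw response head, for instance the output of curl -sI, and reports which of the headers above are missing, duplicated or different from the listed values, plus any CSP directive with a bare * source. The function names and both sample responses are constructed for illustration; the 404 sample models a server that attaches the headers only to successful responses.

```python
# Added example, not from the original page; sample responses are constructed.
EXPECTED = {
    "strict-transport-security": "max-age=31536000; includeSubDomains; preload",
    "x-xss-protection": "1; mode=block",
    "x-frame-options": "SAMEORIGIN",
    "x-content-type-options": "nosniff",
    "referrer-policy": "strict-origin",
}
PRESENCE_ONLY = ("content-security-policy", "permissions-policy")

def parse_headers(raw):
    """Parse a raw response head into {lowercased name: [values]}."""
    headers = {}
    for line in raw.splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # a blank line ends the header block
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def csp_wildcards(policy):
    """Return the CSP directives whose source list contains a bare '*'."""
    parts = (d.split() for d in policy.split(";"))
    return [p[0] for p in parts if p and "*" in p[1:]]

def audit(raw):
    """Return findings: missing, duplicated or differing headers, CSP wildcards."""
    headers, findings = parse_headers(raw), []
    for name, want in EXPECTED.items():
        got = headers.get(name)
        if got is None:
            findings.append(f"missing: {name}")
        elif len(got) > 1:
            findings.append(f"duplicate: {name}")  # e.g. set by app and server
        elif got[0].lower() != want.lower():
            findings.append(f"differs: {name}")
    findings += [f"missing: {n}" for n in PRESENCE_ONLY if n not in headers]
    for policy in headers.get("content-security-policy", []):
        findings += [f"csp wildcard: {d}" for d in csp_wildcards(policy)]
    return findings

CSP = "default-src 'self'; font-src *;img-src * data:; script-src *; style-src *"
OK_200 = "HTTP/1.1 200 OK\r\n" + "".join(
    f"{k}: {v}\r\n" for k, v in EXPECTED.items()
) + f"Content-Security-Policy: {CSP}\r\nPermissions-Policy: geolocation=()\r\n\r\n"
ERR_404 = "HTTP/1.1 404 Not Found\r\nContent-Type: text/html\r\n\r\n"
if __name__ == "__main__":
    for label, raw in (("200", OK_200), ("404", ERR_404)):
        print(label, audit(raw))
```

Run it against an error page as well as a normal page, since headers attached only to successful responses will not show up on a 404 or 500.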
