lmas/sec_headers.md

Created July 13, 2022 16:54

Star () You must be signed in to star a gist
Fork () You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/lmas/7e9ede6b29798a5134d75d4842f5ef6b.js"></script>
Save lmas/7e9ede6b29798a5134d75d4842f5ef6b to your computer and use it in GitHub Desktop.

Download ZIP

HTTP security headers

Raw

sec_headers.md

List of HTTP headers for increased security.

/* Strict-Transport-Security max-age=31536060; includeSubDomains; preload
/* X-Frame-Options DENY
/* X-XSS-Protection 1; mode=block
/* X-Content-Type-Options nosniff
/* Referrer-Policy strict-origin-when-cross-origin
/* Cache-Control public, max-age=604860
/* Content-Security-Policy default-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline'; connect-src https://stats.larus.se/

TODO: Lookup each header and provide more info and references.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment