Created July 22, 2019 03:30
HTTP Headers

Here are some basic HTTP headers you can use to secure a site in the Apache vhost conf file (mod_headers must be enabled). You can add 'unsafe-inline' 'unsafe-eval' or *.yoursite.com to individual directives of the Content-Security-Policy if the site needs them, but be aware that allowing 'unsafe-inline' or 'unsafe-eval' in script-src removes most of the protection CSP gives against injected script; nonces or hashes are the safer way to permit inline code. Check your site's security compliance at the following link: https://securityheaders.com/?q=[www.yoursite.com]&follo…
# Security headers for an Apache vhost (mod_headers). Keep the HSTS line in the
# HTTPS (:443) vhost only: browsers ignore Strict-Transport-Security received over
# plain HTTP. "Header always set" applies the header to error and redirect
# responses as well; plain "Header set" only covers successful responses.
Header always set Content-Security-Policy "default-src 'self'; script-src 'self'; img-src 'self' data:; connect-src 'self'; style-src 'self'; font-src 'self'; frame-src 'self'"
# Cache-Control directives are comma-separated; "private; max-age=..." is one
# unparseable token that browsers ignore. Note that a one-year max-age also
# contradicts the Pragma: no-cache below; for authenticated pages use "no-store".
Header always set Cache-Control "private, max-age=31536000"
# Pragma is an HTTP/1.0 request directive; as a response header it does not
# override Cache-Control and is ignored by modern clients.
Header always set Pragma "no-cache"
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
# Deprecated: current browsers ignore X-XSS-Protection (some had bugs with "1"),
# so the CSP above is the real control. Sending "0" or omitting it is the modern choice.
Header always set X-XSS-Protection "1; mode=block"
Header always set X-Content-Type-Options "nosniff"
# frame-src in the CSP limits what this site may embed; X-Frame-Options (or the
# CSP directive frame-ancestors 'self') limits who may embed this site.
Header always set X-Frame-Options "SAMEORIGIN"
# no-referrer-when-downgrade sends the full URL to any HTTPS destination, including
# third parties; strict-origin-when-cross-origin is the stricter common choice.
Header always set Referrer-Policy "no-referrer-when-downgrade"
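The securityheaders.com check above runs against a live site. As an added example (not the gist author's code, and not what securityheaders.com itself runs), the script below applies the same kind of review offline to a captured set of response headers: it parses Cache-Control, HSTS and the CSP, and flags the weaknesses discussed above, including a Cache-Control joined with ';', a script-src that allows 'unsafe-inline' or 'unsafe-eval', a CSP without frame-ancestors, and a weak Referrer-Policy. Both header sets at the bottom are constructed samples: one is the gist's own values, the other is the same set with the fixes applied.

```python
"""Offline audit of a captured set of HTTP response headers.

Added example for this gist (not the gist author's code and not the
securityheaders.com scanner). The header sets at the bottom are constructed
samples, not captured from any real site.
"""

from typing import Dict, List

ONE_YEAR = 31536000  # seconds; common minimum for a meaningful HSTS max-age


def split_directives(value: str, sep: str) -> Dict[str, str]:
    """Split 'k=v<sep> k2<sep> ...' into {key: value} (keys lower-cased).
    Cache-Control is comma-separated (RFC 9111); HSTS uses semicolons."""
    out: Dict[str, str] = {}
    for part in value.split(sep):
        part = part.strip()
        if part:
            key, _, val = part.partition("=")
            out[key.strip().lower()] = val.strip()
    return out


def parse_csp(value: str) -> Dict[str, List[str]]:
    """Content-Security-Policy: 'directive src src; directive src ...'."""
    policy: Dict[str, List[str]] = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def audit_headers(headers: Dict[str, str]) -> List[str]:
    """Return a list of findings; an empty list means every check passed."""
    h = {k.lower(): v for k, v in headers.items()}
    findings: List[str] = []

    for name in ("content-security-policy", "strict-transport-security",
                 "x-content-type-options", "x-frame-options", "referrer-policy"):
        if name not in h:
            findings.append(f"missing {name}")

    if "content-security-policy" in h:
        csp = parse_csp(h["content-security-policy"])
        # script-src falls back to default-src when it is not set explicitly
        script = csp.get("script-src", csp.get("default-src", []))
        for src in ("'unsafe-inline'", "'unsafe-eval'", "*"):
            if src in script:
                findings.append(f"script-src allows {src}; CSP no longer stops injected script")
        if "frame-ancestors" not in csp:
            findings.append("csp lacks frame-ancestors; framing is limited only by X-Frame-Options")

    if "cache-control" in h:
        cc = split_directives(h["cache-control"], ",")
        # a ';' inside a key means the directives were joined with the wrong separator
        if any(";" in key for key in cc):
            findings.append("cache-control joins directives with ';' (must be ','); browsers ignore it")

    if "strict-transport-security" in h:
        hsts = split_directives(h["strict-transport-security"], ";")
        try:
            max_age = int(hsts.get("max-age", "0"))
        except ValueError:
            max_age = 0
        if max_age < ONE_YEAR:
            findings.append("hsts max-age below one year")
        if "includesubdomains" not in hsts:
            findings.append("hsts lacks includeSubDomains")

    if "x-content-type-options" in h and h["x-content-type-options"].strip().lower() != "nosniff":
        findings.append("x-content-type-options is not 'nosniff'")

    if h.get("referrer-policy", "").strip().lower() in ("no-referrer-when-downgrade", "unsafe-url"):
        findings.append("referrer-policy sends the full URL to cross-origin HTTPS destinations")

    if "x-xss-protection" in h and h["x-xss-protection"].strip().startswith("1"):
        findings.append("x-xss-protection: 1 is deprecated; send 0 or omit and rely on CSP")

    return findings


# Constructed sample: the header values from the gist, as a browser would receive them.
GIST_HEADERS = {
    "Content-Security-Policy": "default-src 'self'; script-src 'self'; img-src 'self' data:; "
                               "connect-src 'self'; style-src 'self'; font-src 'self'; frame-src 'self'",
    "Cache-Control": "private; max-age=31536000",
    "Pragma": "no-cache",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "X-XSS-Protection": "1; mode=block",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "SAMEORIGIN",
    "Referrer-Policy": "no-referrer-when-downgrade",
}

# Constructed sample: the same set after applying the fixes noted in the config comments.
HARDENED_HEADERS = {
    "Content-Security-Policy": "default-src 'self'; script-src 'self'; img-src 'self' data:; "
                               "connect-src 'self'; style-src 'self'; font-src 'self'; "
                               "frame-src 'self'; frame-ancestors 'self'",
    "Cache-Control": "no-store",
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "SAMEORIGIN",
    "Referrer-Policy": "strict-origin-when-cross-origin",
}

if __name__ == "__main__":
    for label, hdrs in (("gist", GIST_HEADERS), ("hardened", HARDENED_HEADERS)):
        print(label, audit_headers(hdrs) or ["ok"])
```

Running it prints four findings for the gist's values (no frame-ancestors, the ';' in Cache-Control, the weak Referrer-Policy, and the deprecated X-XSS-Protection) and "ok" for the hardened set. To audit a real site, capture its headers with `curl -sI https://www.yoursite.com` and feed them into `audit_headers` as a dict.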