Last active
November 25, 2018 20:38
-
-
Save realsby/7e74298b82f7b043ec2696ab98b861fe to your computer and use it in GitHub Desktop.
Apache and Nginx Headers Policies Samples
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload" | |
| Header set Content-Security-Policy "script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src 'self' *.domain.com;" | |
| Header always set X-Frame-Options "sameorigin" | |
| Header set X-XSS-Protection "1" | |
| Header set Referrer-Policy "no-referrer-when-downgrade" | |
| Header set Feature-Policy "microphone none;camera none;" | |
| Header set X-Content-Type-Options "nosniff" | |
| add_header Strict-Transport-Security max-age=63072000; | |
| add_header Content-Security-Policy "script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src 'self' *.domain.com;"; | |
| add_header X-Frame-Options sameorigin; | |
| add_header X-Frame-X-XSS-Protection 1; | |
| add_header X-Xss-Protection "1; mode=block" always; | |
| add_header Referrer-Policy "no-referrer-when-downgrade"; | |
| add_header Feature-Policy "microphone none;camera none;"; | |
| add_header X-Content-Type-Options nosniff; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment