Created March 12, 2018 14:30
securityheaders.io
###################
# START SEC Headers (https://securityheaders.io/)
# Requires mod_headers
###################
# HTTP Strict Transport Security: HTTPS only for one year (31536000 s), subdomains included
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
# Content Security Policy: any https: or data: source; inline scripts and eval() stay allowed
Header always set Content-Security-Policy "default-src https: data: 'unsafe-inline' 'unsafe-eval'"
# X-XSS-Protection: turn on the legacy browser XSS filter in blocking mode
Header always set X-Xss-Protection "1; mode=block"
# X-Content-Type-Options: disable MIME type sniffing
Header always set X-Content-Type-Options "nosniff"
# X-Frame-Options: allow framing by same-origin pages only
Header always set X-Frame-Options "SAMEORIGIN"
# Referrer-Policy: send the Referer header on same-origin requests only
Header always set Referrer-Policy "same-origin"
###################
# END SEC Headers
###################
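Added example (not part of the original gist): a Python check that parses the `Header ... set` lines of this config and reports what the Content-Security-Policy value still lets scripts do. The function names are hypothetical, and the embedded config is a copy of the gist's directives.

```python
import shlex

# Copy of the gist's directives, embedded so the audit runs offline.
GIST_CONFIG = """
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
Header always set Content-Security-Policy "default-src https: data: 'unsafe-inline' 'unsafe-eval'"
Header always set X-Xss-Protection "1; mode=block"
Header always set X-Content-Type-Options "nosniff"
Header always set X-Frame-Options "SAMEORIGIN"
Header always set Referrer-Policy "same-origin"
"""

def parse_header_directives(conf):
    """Map lowercased header name -> value for each `Header [always|onsuccess] set` line."""
    headers = {}
    for line in conf.splitlines():
        args = shlex.split(line, comments=True)  # keeps the quoted value as one token
        if len(args) > 1 and args[1].lower() in ("always", "onsuccess"):
            del args[1]  # drop the optional condition keyword
        if len(args) >= 4 and args[0].lower() == "header" and args[1].lower() == "set":
            headers[args[2].lower()] = args[3]
    return headers

def audit_csp(policy):
    """Return findings about script execution under the given CSP string."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:  # a repeated directive is ignored, the first one wins
            directives.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
    # script-src falls back to default-src when it is not set.
    sources = directives.get("script-src", directives.get("default-src"))
    if sources is None:
        return ["no script-src or default-src: script loading is unrestricted"]
    findings = []
    # A nonce or hash source makes CSP2+ browsers ignore 'unsafe-inline'.
    strict = any(s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for s in sources)
    if "'unsafe-inline'" in sources and not strict:
        findings.append("'unsafe-inline': injected inline <script> and event handlers run")
    if "'unsafe-eval'" in sources:
        findings.append("'unsafe-eval': eval() and string-to-code APIs stay enabled")
    for src in ("https:", "http:", "data:", "*"):
        if src in sources:
            findings.append(f"{src} is a wildcard-like source: script origin is effectively unrestricted")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_csp(parse_header_directives(GIST_CONFIG)["content-security-policy"])))
```

Run against the gist's policy, the audit returns four findings, all from the `default-src` value that `script-src` inherits.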