@mrsweaters
Last active December 12, 2018 00:35
CSP
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
add_header Content-Security-Policy "default-src 'none'; img-src 'self' data: https://helio-assets-prod.zurb.com https://prod-testrun.s3-accelerate.amazonaws.com https://www.gravatar.com *.wp.com https://www.googletagmanager.com https://*.intercomassets.com https://*.intercomcdn.com https://d3utalfm9bp35r.cloudfront.net https://www.google-analytics.com; script-src 'self' 'unsafe-inline' *.algolianet.com *.algolia.net https://js.stripe.com https://*.kissmetrics.com https://cdn.headwayapp.co https://cdnjs.cloudflare.com https://*.intercomcdn.com https://*.intercom.io https://www.googletagmanager.com https://d20luy73ujukeu.cloudfront.net https://www.google-analytics.com; style-src 'self' 'unsafe-inline'; object-src 'none'; media-src 'self' https://*.intercomcdn.com https://d20luy73ujukeu.cloudfront.net; font-src 'self' https://*.intercomcdn.com; connect-src 'self' *.algolianet.com *.algolia.net https://*.kissmetrics.com https://js.stripe.com wss://wss-my.helio.app https://prod-testrun.s3-accelerate.amazonaws.com https://www.google-analytics.com https://*.intercom.io wss://*.intercom.io wss://*.intercom.io; frame-src https://js.stripe.com https://fast.wistia.net https://headway-widget.net";
add_header X-Content-Type-Options "nosniff";
add_header X-Frame-Options "DENY";
add_header X-XSS-Protection "1; mode=block";
add_header Referrer-Policy "same-origin";

add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
add_header Content-Security-Policy "default-src 'none'; img-src 'self' data: https://staging-testrun.s3-accelerate.amazonaws.com https://www.gravatar.com *.wp.com https://www.googletagmanager.com https://static.intercomassets.com https://js.intercomcdn.com https://d3utalfm9bp35r.cloudfront.net https://www.google-analytics.com; script-src 'self' 'unsafe-inline' *.algolianet.com *.algolia.net https://js.stripe.com https://*.kissmetrics.com https://cdn.headwayapp.co https://cdnjs.cloudflare.com https://*.intercomcdn.com https://*.intercom.io https://www.googletagmanager.com https://d20luy73ujukeu.cloudfront.net https://www.google-analytics.com; style-src 'self' 'unsafe-inline'; object-src 'none'; media-src 'self' https://*.intercomcdn.com https://d20luy73ujukeu.cloudfront.net; font-src 'self' https://*.intercomcdn.com; connect-src 'self' wss://wss-pd-staging.zurb.com https://staging-testrun.s3-accelerate.amazonaws.com *.algolianet.com *.algolia.net https://*.kissmetrics.com https://js.stripe.com https://www.google-analytics.com https://*.intercom.io wss://*.intercom.io wss://*.intercom.io; frame-src https://js.stripe.com https://fast.wistia.net https://headway-widget.net";
add_header X-Content-Type-Options "nosniff";
add_header X-Frame-Options "DENY";
add_header X-XSS-Protection "1; mode=block";
add_header Referrer-Policy "same-origin";
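Added example, not part of the gist: a small Python parser and audit for the Content-Security-Policy value above. PROD_CSP is the production policy copied from the gist; HARDENED_CSP is a constructed contrast policy, and parse_csp, effective_sources and audit_csp are this example's own helpers. The audit applies the usual defender checks: 'unsafe-inline' in script-src with no nonce or hash (which leaves inline script injection unblocked), directives that default-src does not govern (base-uri, form-action, frame-ancestors), duplicate sources, and scheme-less host sources.

```python
"""Parse a Content-Security-Policy value and flag weak or missing settings.

Added example, not part of the gist. PROD_CSP is the production header value
from the gist; HARDENED_CSP is a constructed policy used as a contrast.
"""
from typing import Dict, List, Tuple

# Copied from the production Content-Security-Policy header in the gist.
PROD_CSP = (
    "default-src 'none'; "
    "img-src 'self' data: https://helio-assets-prod.zurb.com "
    "https://prod-testrun.s3-accelerate.amazonaws.com https://www.gravatar.com "
    "*.wp.com https://www.googletagmanager.com https://*.intercomassets.com "
    "https://*.intercomcdn.com https://d3utalfm9bp35r.cloudfront.net "
    "https://www.google-analytics.com; "
    "script-src 'self' 'unsafe-inline' *.algolianet.com *.algolia.net "
    "https://js.stripe.com https://*.kissmetrics.com https://cdn.headwayapp.co "
    "https://cdnjs.cloudflare.com https://*.intercomcdn.com https://*.intercom.io "
    "https://www.googletagmanager.com https://d20luy73ujukeu.cloudfront.net "
    "https://www.google-analytics.com; "
    "style-src 'self' 'unsafe-inline'; object-src 'none'; "
    "media-src 'self' https://*.intercomcdn.com https://d20luy73ujukeu.cloudfront.net; "
    "font-src 'self' https://*.intercomcdn.com; "
    "connect-src 'self' *.algolianet.com *.algolia.net https://*.kissmetrics.com "
    "https://js.stripe.com wss://wss-my.helio.app "
    "https://prod-testrun.s3-accelerate.amazonaws.com https://www.google-analytics.com "
    "https://*.intercom.io wss://*.intercom.io wss://*.intercom.io; "
    "frame-src https://js.stripe.com https://fast.wistia.net https://headway-widget.net"
)

# Constructed contrast policy (the nonce value is a placeholder): nonce-based
# scripts, no 'unsafe-inline', and the non-inherited directives set explicitly.
HARDENED_CSP = (
    "default-src 'none'; script-src 'self' 'nonce-PLACEHOLDER'; style-src 'self'; "
    "img-src 'self' https://www.gravatar.com; connect-src 'self'; "
    "base-uri 'none'; form-action 'self'; frame-ancestors 'none'"
)

Finding = Tuple[str, str, str]  # (severity, directive, detail)
HASH_OR_NONCE = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")
# These directives do not fall back to default-src, so they must be set explicitly.
NOT_COVERED_BY_DEFAULT = ("base-uri", "form-action", "frame-ancestors")


def parse_csp(value: str) -> Dict[str, List[str]]:
    """Split a header value into {directive: [sources]}; first directive wins."""
    policy: Dict[str, List[str]] = {}
    for chunk in value.split(";"):
        tokens = chunk.split()
        if not tokens:
            continue
        name = tokens[0].lower()  # directive names are case-insensitive
        if name in policy:
            continue  # browsers ignore a repeated directive name
        policy[name] = tokens[1:]
    return policy


def effective_sources(policy: Dict[str, List[str]], directive: str) -> List[str]:
    """Sources governing a fetch directive, falling back to default-src."""
    return policy.get(directive, policy.get("default-src", []))


def audit_csp(value: str) -> List[Finding]:
    """Return findings ordered by check; an empty list means no issue found."""
    policy = parse_csp(value)
    findings: List[Finding] = []

    scripts = effective_sources(policy, "script-src")
    if "'unsafe-inline'" in scripts and not any(s.startswith(HASH_OR_NONCE) for s in scripts):
        findings.append(("high", "script-src",
                         "'unsafe-inline' without a nonce or hash: injected inline scripts run"))
    if "'unsafe-eval'" in scripts:
        findings.append(("medium", "script-src", "'unsafe-eval' allows eval()/new Function()"))
    if "'unsafe-inline'" in effective_sources(policy, "style-src"):
        findings.append(("low", "style-src", "'unsafe-inline' permits injected styles"))

    for directive in NOT_COVERED_BY_DEFAULT:
        if directive not in policy:
            findings.append(("medium", directive, "not set and not covered by default-src"))

    for directive, sources in policy.items():
        for dup in sorted({s for s in sources if sources.count(s) > 1}):
            findings.append(("info", directive, f"duplicate source {dup}"))
        for src in sources:
            # Host sources without a scheme match only the page's own scheme
            # (plus the http->https / ws->wss upgrade); spelling the scheme out is clearer.
            if "://" not in src and not src.startswith("'") and not src.endswith(":"):
                findings.append(("info", directive, f"scheme-less source {src}"))
    return findings


if __name__ == "__main__":
    for severity, directive, detail in audit_csp(PROD_CSP):
        print(f"[{severity}] {directive}: {detail}")
```

On the gist's production policy the audit reports the 'unsafe-inline' script-src as its one high finding, the three non-inherited directives as missing (framing is covered here by the gist's X-Frame-Options DENY in browsers that honour it, but frame-ancestors is the CSP equivalent), the doubled wss://*.intercom.io in connect-src, and the scheme-less Algolia and wp.com hosts; the constructed HARDENED_CSP comes back clean.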