@nitrobw
Last active March 26, 2024 09:54
securityheaders.2023
Strict-Transport-Security "max-age=31536000 ; includeSubDomains";
X-Frame-Options "deny";
X-Content-Type-Options "nosniff";
Content-Security-Policy "default-src 'none'; script-src 'unsafe-inline' 'sha256-<hash>' 'nonce-<nonce>'; style-src 'self'; img-src 'self'; media-src 'self'; form-action 'none'; frame-ancestors 'none'; base-uri 'none'; upgrade-insecure-requests; require-trusted-types-for 'script'";
X-Permitted-Cross-Domain-Policies "none";
Referrer-Policy "no-referrer";
Clear-Site-Data '"cache","cookies","storage"';
Cross-Origin-Embedder-Policy "require-corp";
Cross-Origin-Opener-Policy "same-origin";
Cross-Origin-Resource-Policy "same-origin";
Permissions-Policy "accelerometer=(),ambient-light-sensor=(),autoplay=(),battery=(),camera=(),display-capture=(),document-domain=(),encrypted-media=(),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),layout-animations=(self),legacy-image-formats=(self),magnetometer=(),microphone=(),midi=(),oversized-images=(self),payment=(),picture-in-picture=(),publickey-credentials-get=(),speaker-selection=(),sync-xhr=(self),unoptimized-images=(self),unsized-media=(self),usb=(),screen-wake-lock=(),web-share=(),xr-spatial-tracking=()";
Cache-Control "no-store, max-age=0";
Pragma no-cache;
nitrobw commented Sep 30, 2023

Cache-related Headers are optional.
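As an added example (my code, not part of the gist), here is a Python script that parses the `Name "value";` lines of the file above into a baseline and audits a response's headers against it. It inspects Strict-Transport-Security and Content-Security-Policy structurally (minimum max-age, includeSubDomains, the directives that lock down framing, base URI and form posting, and 'unsafe-inline' with no nonce or hash to override it), compares every other header by normalized value, and, following the author's comment, reports the cache-related headers as warnings rather than failures. The two sample responses are constructed, and the minimum max-age and the list of required CSP directives are my choices, not the gist's.

```python
"""Audit a set of HTTP response headers against the securityheaders.2023 baseline (added example)."""
import re
from typing import Dict, List, Tuple

# Baseline copied from the gist file: one `Name "value";` line per header.
BASELINE_TEXT = r'''
Strict-Transport-Security "max-age=31536000 ; includeSubDomains";
X-Frame-Options "deny";
X-Content-Type-Options "nosniff";
Content-Security-Policy "default-src 'none'; script-src 'unsafe-inline' 'sha256-<hash>' 'nonce-<nonce>'; style-src 'self'; img-src 'self'; media-src 'self'; form-action 'none'; frame-ancestors 'none'; base-uri 'none'; upgrade-insecure-requests; require-trusted-types-for 'script'";
X-Permitted-Cross-Domain-Policies "none";
Referrer-Policy "no-referrer";
Clear-Site-Data '"cache","cookies","storage"';
Cross-Origin-Embedder-Policy "require-corp";
Cross-Origin-Opener-Policy "same-origin";
Cross-Origin-Resource-Policy "same-origin";
Permissions-Policy "accelerometer=(),ambient-light-sensor=(),autoplay=(),battery=(),camera=(),display-capture=(),document-domain=(),encrypted-media=(),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),layout-animations=(self),legacy-image-formats=(self),magnetometer=(),microphone=(),midi=(),oversized-images=(self),payment=(),picture-in-picture=(),publickey-credentials-get=(),speaker-selection=(),sync-xhr=(self),unoptimized-images=(self),unsized-media=(self),usb=(),screen-wake-lock=(),web-share=(),xr-spatial-tracking=()";
Cache-Control "no-store, max-age=0";
Pragma no-cache;
'''
# Per the author's comment the cache-related headers are optional: report them as WARN, not FAIL.
OPTIONAL_HEADERS = {"cache-control", "pragma"}
MIN_HSTS_MAX_AGE = 31536000  # one year, the value the baseline sets (threshold chosen here)
CSP_REQUIRED = ("default-src", "frame-ancestors", "base-uri", "form-action")  # chosen here
Finding = Tuple[str, str]  # (level, message); level is "FAIL" or "WARN"
HEADER_LINE = re.compile(r"^\s*([A-Za-z0-9-]+)\s+(.*?)\s*;\s*$")

def parse_baseline(text: str) -> Dict[str, str]:
    """Turn `Name "value";` lines into {lowercased name: value}, dropping one layer of quotes."""
    headers: Dict[str, str] = {}
    for line in text.splitlines():
        m = HEADER_LINE.match(line)
        if not m:
            continue
        name, value = m.groups()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        headers[name.lower()] = value
    return headers

def normalize(value: str) -> str:
    """Case-fold and drop whitespace around separators so 'a, b' and 'A,B' compare equal."""
    return re.sub(r"\s*([,;=])\s*", r"\1", " ".join(value.lower().split()))

def check_hsts(value: str) -> List[Finding]:
    directives = [d.strip().lower() for d in value.split(";") if d.strip()]
    findings: List[Finding] = []
    max_age = None
    for d in directives:
        if d.startswith("max-age="):
            try:
                max_age = int(d.split("=", 1)[1].strip())
            except ValueError:
                pass
    if max_age is None:
        findings.append(("FAIL", "strict-transport-security: max-age missing or unparsable"))
    elif max_age < MIN_HSTS_MAX_AGE:
        findings.append(("FAIL", f"strict-transport-security: max-age {max_age} is below {MIN_HSTS_MAX_AGE}"))
    if "includesubdomains" not in directives:
        findings.append(("FAIL", "strict-transport-security: includeSubDomains missing"))
    return findings

def parse_csp(value: str) -> Dict[str, List[str]]:
    """Split a CSP into {directive: [lowercased source expressions]}."""
    policy: Dict[str, List[str]] = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            policy[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    return policy

def check_csp(value: str) -> List[Finding]:
    policy = parse_csp(value)
    findings: List[Finding] = [("FAIL", f"content-security-policy: {d} directive missing")
                               for d in CSP_REQUIRED if d not in policy]
    scripts = policy.get("script-src", policy.get("default-src", []))  # script-src falls back to default-src
    # A nonce or hash makes CSP2+ browsers ignore 'unsafe-inline' (the baseline relies on that fallback);
    # without one, 'unsafe-inline' removes the inline-script protection the header exists to give.
    strict = any(t.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for t in scripts)
    if "'unsafe-inline'" in scripts and not strict:
        findings.append(("FAIL", "content-security-policy: script-src allows 'unsafe-inline' with no nonce or hash"))
    if "'unsafe-eval'" in scripts:
        findings.append(("FAIL", "content-security-policy: script-src allows 'unsafe-eval'"))
    return findings

def audit(response_headers: Dict[str, str], baseline_text: str = BASELINE_TEXT) -> List[Finding]:
    """Compare a response's headers with the baseline; an empty list means it meets the baseline."""
    present = {k.lower(): v for k, v in response_headers.items()}
    findings: List[Finding] = []
    for name, expected in parse_baseline(baseline_text).items():
        if name not in present:
            findings.append(("WARN" if name in OPTIONAL_HEADERS else "FAIL", f"{name}: missing"))
        elif name == "strict-transport-security":
            findings.extend(check_hsts(present[name]))
        elif name == "content-security-policy":
            findings.extend(check_csp(present[name]))
        elif normalize(present[name]) != normalize(expected):
            findings.append(("WARN", f"{name}: value {present[name]!r} differs from baseline {expected!r}"))
    return findings

BASELINE = parse_baseline(BASELINE_TEXT)
# Constructed sample responses (not captured from any real site).
STRICT_RESPONSE = {
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
    "X-Frame-Options": "DENY", "X-Content-Type-Options": "nosniff",
    "Content-Security-Policy": "default-src 'none'; script-src 'nonce-r4nd0m'; style-src 'self'; "
                               "img-src 'self'; form-action 'none'; frame-ancestors 'none'; base-uri 'none'",
    "X-Permitted-Cross-Domain-Policies": "none", "Referrer-Policy": "no-referrer",
    "Clear-Site-Data": '"cache", "cookies", "storage"', "Cross-Origin-Embedder-Policy": "require-corp",
    "Cross-Origin-Opener-Policy": "same-origin", "Cross-Origin-Resource-Policy": "same-origin",
    "Permissions-Policy": BASELINE["permissions-policy"],
    "Cache-Control": "no-store, max-age=0", "Pragma": "no-cache",
}
WEAK_RESPONSE = {
    "Strict-Transport-Security": "max-age=300", "X-Content-Type-Options": "nosniff",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
    "Referrer-Policy": "strict-origin-when-cross-origin",
}

if __name__ == "__main__":
    for level, message in audit(WEAK_RESPONSE):
        print(level, message)
```

Run as-is to list the findings for the weak sample (13 failures and 3 warnings); to audit a live site, pass `audit()` the headers of a real response, for instance `requests.get(url).headers`. The value comparison is deliberately loose (case and spacing only), so a response that sets a different but acceptable Referrer-Policy shows up as a warning to review, not a failure.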