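// Headers stamped onto every HTML response by addHeaders(); later values
// overwrite whatever the origin sent. Non-HTML responses are never touched.
const securityHeaders = Object.freeze({
  // Only asks the browser to upgrade http:// sub-resources to https://. It
  // carries no source allow-lists, so it is not an XSS mitigation on its own.
  "Content-Security-Policy": "upgrade-insecure-requests",
  "Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload",
  // "0" disables the legacy browser XSS auditor. Current guidance (OWASP
  // headers cheat sheet) is to turn it off: the "1; mode=block" filter has
  // itself been abused for cross-site leaks and modern browsers no longer
  // ship it. A real CSP is the replacement, not this header.
  "X-Xss-Protection": "0",
  "X-Frame-Options": "DENY",
  "X-Content-Type-Options": "nosniff",
  "Referrer-Policy": "strict-origin-when-cross-origin",
  // Feature-Policy is the legacy spelling; kept so older browsers that only
  // understand it still honour the restrictions.
  "Feature-Policy": "accelerometer 'none' ; ambient-light-sensor 'none' ; autoplay 'self' ; camera 'none' ; encrypted-media 'none' ; fullscreen 'self' ; geolocation 'none' ; gyroscope 'none' ; magnetometer 'none' ; microphone 'none' ; midi 'none' ; payment 'self' ; picture-in-picture * ; speaker 'self' ; sync-xhr 'none' ; usb 'none' ; notifications 'self' ; vibrate 'self' ; push 'self' ; vr 'none'",
  // Permissions-Policy is the standardised successor of Feature-Policy, with
  // structured-header syntax: () = nobody, (self) = this origin, * = anyone.
  // The directives below mirror the Feature-Policy line; speaker,
  // notifications, vibrate, push and vr have no Permissions-Policy
  // equivalent and are intentionally absent.
  "Permissions-Policy": "accelerometer=(), ambient-light-sensor=(), autoplay=(self), camera=(), encrypted-media=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(self), picture-in-picture=*, sync-xhr=(), usb=()",
  // max-age=0 + must-revalidate: shared caches may store the HTML but must
  // revalidate it with the origin before every reuse.
  "Cache-Control": "public, max-age=0, must-revalidate",
  // Only reached for responses whose Content-Type already contains text/html,
  // so this just pins the charset.
  "Content-Type": "text/html; charset=UTF-8",
});

// Headers whose value is replaced rather than removed, to hide the origin's
// server signature without dropping the header entirely.
const sanitiseHeaders = Object.freeze({
  "Server": "headers override",
});

// Origin headers deleted outright: HPKP is obsolete and dangerous to ship,
// the other two fingerprint the backend stack.
const removeHeaders = Object.freeze([
  "Public-Key-Pins",
  "X-Powered-By",
  "X-AspNet-Version",
]);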
// Worker entry point: every incoming request is answered by addHeaders(),
// which proxies it to the origin and rewrites the response headers.
function handleFetch(event) {
  event.respondWith(addHeaders(event.request));
}

addEventListener('fetch', handleFetch);
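/**
 * Proxy `req` to the origin and rewrite the response headers.
 *
 * HTML responses get every entry of `securityHeaders` and `sanitiseHeaders`
 * set (overwriting anything the origin sent) and every name in
 * `removeHeaders` deleted. Any other response is returned untouched.
 *
 * A response with no Content-Type at all (a redirect, a 204, a 304) is also
 * left alone: the previous version fell through for that case and stamped it
 * with `Content-Type: text/html`, mislabelling a body-less response.
 *
 * @param {Request} req - the incoming request
 * @returns {Promise<Response>} the origin response, headers rewritten when it is HTML
 */
async function addHeaders(req) {
  const response = await fetch(req);

  // Compare case-insensitively; a missing header means "not HTML".
  const contentType = response.headers.get("Content-Type");
  if (contentType === null || !contentType.toLowerCase().includes("text/html")) {
    return response;
  }

  // Headers of a fetched Response are presumably immutable here (the original
  // copied them too), so edit a copy and build a fresh Response from it.
  const headers = new Headers(response.headers);
  for (const [name, value] of Object.entries(securityHeaders)) {
    headers.set(name, value);
  }
  for (const [name, value] of Object.entries(sanitiseHeaders)) {
    headers.set(name, value);
  }
  for (const name of removeHeaders) {
    headers.delete(name);
  }

  return new Response(response.body, {
    status: response.status,
    statusText: response.statusText,
    headers,
  });
}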
Me bragging about it: https://twitter.com/askpascalandy/status/1064914160461463553
Excellent coding skills! |
Does this stop Google from caching your page?
Made a few updates. I now get an A+ on https://securityheaders.com/?q=https%3A%2F%2Fpascalandy.com