
Cybersalt's Base Security Headers

1 month 1 week ago - 1 month 1 week ago #47 by Tim Davis
I was asked (a long time ago - sorry Troy!) for a copy of the base security headers we currently use in the .htaccess file of our site and our clients' sites.

Keeping in mind that your mileage may vary depending on your server and the needs or configuration of your website, here they are:
Code:
<IfModule mod_headers.c>
    # Allow your site to be framed by its own origin only (DENY forbids framing entirely)
    Header always set X-Frame-Options "SAMEORIGIN"

    # (HSTS) Policy enforces the use of HTTPS; only sent on HTTPS responses
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains" env=HTTPS

    # Set how much info is leaked when linking off site
    # (left disabled here; the policy token is spelled lowercase: same-origin)
    #Header set Referrer-Policy "same-origin"

    # Control which features can be used in the browser
    # (no colon after the header name in a Header directive)
    Header set Permissions-Policy "geolocation=(), microphone=()"

    # Stops browsers MIME sniffing the content type
    Header always set X-Content-Type-Options "nosniff"

    # Set the content security policy for SVG files so scripts embedded in them never run
    <FilesMatch "\.svg$">
        Header always set Content-Security-Policy "script-src 'none'"
    </FilesMatch>
</IfModule>

# Disable directory listings
<IfModule mod_autoindex.c>
    IndexIgnore *
</IfModule>
Last edit: 1 month 1 week ago by Tim Davis.
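A quick way to confirm a site is actually sending the headers above (and to catch the easy mistakes, such as a stray colon in a Header directive name or a commented-out Referrer-Policy) is to audit the raw response headers. This is an added example, not code from the post; the header blocks below are constructed samples, not captured from any real site, and audit_headers is a hypothetical helper name.

```python
import re

# Constructed sample responses. HARDENED reflects the .htaccess above with the
# Referrer-Policy line enabled; WEAK shows what a stray colon in the directive
# name ("Header set Permissions-Policy: ...") and a missing HSTS header look like.
HARDENED = """HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
Permissions-Policy: geolocation=(), microphone=()
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
"""
WEAK = """HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-Frame-Options: ALLOWALL
Permissions-Policy:: geolocation=(), microphone=()
"""

REQUIRED = ("x-frame-options", "strict-transport-security",
            "x-content-type-options", "referrer-policy", "permissions-policy")
REFERRER_VALUES = {"no-referrer", "no-referrer-when-downgrade", "same-origin",
                   "origin", "strict-origin", "origin-when-cross-origin",
                   "strict-origin-when-cross-origin", "unsafe-url"}

def parse_headers(raw):
    """Map lower-cased header names to values, skipping the status line."""
    headers = {}
    for line in raw.splitlines()[1:]:
        if ":" in line:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
    return headers

def audit_headers(raw):
    """Return a sorted list of findings; an empty list means every check passed."""
    h = parse_headers(raw)
    findings = [f"{name}: missing" for name in REQUIRED if name not in h]
    for name, value in h.items():
        if value.startswith(":"):  # "Name:: value" is the tell-tale of a stray colon
            findings.append(f"{name}: value starts with ':' (stray colon in the Header directive name?)")
    xfo = h.get("x-frame-options", "").upper()
    if xfo and xfo not in ("DENY", "SAMEORIGIN"):
        findings.append(f"x-frame-options: unexpected value {xfo!r}")
    hsts = h.get("strict-transport-security", "")
    if hsts:
        m = re.search(r"max-age=(\d+)", hsts, re.I)
        if not m or int(m.group(1)) < 31536000:
            findings.append("strict-transport-security: max-age below one year")
        if "includesubdomains" not in hsts.lower():
            findings.append("strict-transport-security: includeSubDomains not set")
    if h.get("x-content-type-options", "nosniff").lower() != "nosniff":
        findings.append("x-content-type-options: value is not nosniff")
    rp = h.get("referrer-policy", "").lower()
    if rp and rp not in REFERRER_VALUES:
        findings.append(f"referrer-policy: unknown value {rp!r}")
    return sorted(findings)
```

Feed it the output of `curl -sI https://example.invalid/` (placeholder host) to audit a live site; the HSTS check only sees the header on an HTTPS response, matching the env=HTTPS condition in the .htaccess.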

