Version vom 13. April 2023, 11:07 Uhr

Bereiche

Content Security Policy

upgrade-insecure-requests

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/upgrade-insecure-requests

Syntax

upgrade-insecure-requests;

frame-ancestors

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors

Syntax

frame-ancestors 'self';

form-action

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/form-action

Syntax

form-action 'self';

base-uri

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/base-uri

Syntax

base-uri 'self';

connect-src

Syntax

connect-src 'self' data: maps.googleapis.com;

default-src

Syntax

default-src 'self';

ToDo

font-src

Syntax

font-src 'self' data: googletagmanager.com;

img-src 'self'

Syntax

img-src 'self' blob: data:;

manifest-src

Syntax

manifest-src 'self' data:;

object-src

Syntax

object-src 'self';

script-src

Syntax

script-src 'self' 'unsafe-eval' 'unsafe-inline' 'report-sample';

style-src

Syntax

style-src 'self' 'unsafe-inline' 'report-sample';

worker-src

Syntax

worker-src 'self';

@@ Zeile 44: / Zeile 44: @@
 </pre>
-== ToDo ==
 === connect-src ===
@@ Zeile 61: / Zeile 61: @@
 default-src 'self';
 </pre>
+== ToDo ==
 === font-src ===

Content Security Headers: Unterschied zwischen den Versionen

Version vom 13. April 2023, 11:07 Uhr

Inhaltsverzeichnis

Bereiche

Content Security Policy

upgrade-insecure-requests

frame-ancestors

form-action

base-uri

connect-src

default-src

ToDo

font-src

img-src 'self'

manifest-src

object-src

script-src

style-src

worker-src

Strict-Transport-Security

X-Content-Type-Options

X-Frame-Options

Referrer-Policy

Permissions-Policy

Navigationsmenü

Suche