Content Security Headers: Unterschied zwischen den Versionen
(→ToDo) |
|||
| Zeile 142: | Zeile 142: | ||
== X-Frame-Options == | == X-Frame-Options == | ||
== Referrer-Policy == | == Referrer-Policy == | ||
Syntax in .htaccess | |||
<pre> | |||
Header set Referrer-Policy "same-origin" | |||
</pre> | |||
== Permissions-Policy == | == Permissions-Policy == | ||
* https://developer.mozilla.org/en-US/docs/Web/HTTP/Permissions_Policy | * https://developer.mozilla.org/en-US/docs/Web/HTTP/Permissions_Policy | ||
Version vom 13. April 2023, 13:15 Uhr
Bereiche
Content Security Policy
upgrade-insecure-requests
Syntax
upgrade-insecure-requests;
frame-ancestors
Syntax
frame-ancestors 'self';
form-action
Syntax
form-action 'self';
base-uri
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/base-uri
Syntax
base-uri 'self';
connect-src
Syntax
connect-src 'self' data: maps.googleapis.com;
font-src
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/font-src
Syntax
font-src 'self';
img-src 'self'
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/img-src
Syntax
img-src 'self';
manifest-src
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/manifest-src
Syntax
manifest-src 'self';
object-src
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/object-src
Syntax
object-src 'self';
script-src
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src
Syntax
script-src 'self' 'unsafe-eval' 'unsafe-inline' 'report-sample';
style-src
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/style-src
Syntax
style-src 'self' 'unsafe-inline' 'report-sample';
worker-src
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/worker-src
Syntax
worker-src 'self';
ToDo
default-src
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/default-src
Syntax
default-src 'self';
Strict-Transport-Security
X-Content-Type-Options
X-Frame-Options
Referrer-Policy
Syntax in .htaccess
Header set Referrer-Policy "same-origin"