Content Security Headers: Unterschied zwischen den Versionen

Aus wiki.sehanka.de
Zur Navigation springen Zur Suche springen
Zeile 149: Zeile 149:


<pre>
<pre>
 
Header set X-Content-Type-Options "nosniff"
</pre>
</pre>


Version vom 13. April 2023, 13:19 Uhr

Bereiche

Content Security Policy

upgrade-insecure-requests

Syntax 

upgrade-insecure-requests;

frame-ancestors

Syntax 

frame-ancestors 'self';

form-action

Syntax 

form-action 'self';

base-uri

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/base-uri

Syntax 

base-uri 'self';


connect-src

Syntax 

connect-src 'self' data: maps.googleapis.com;

font-src

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/font-src

Syntax 

font-src 'self';

img-src 'self'

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/img-src

Syntax 

img-src 'self';

manifest-src

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/manifest-src

Syntax 

manifest-src 'self';

object-src

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/object-src

Syntax 

object-src 'self';

script-src

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src

Syntax 

script-src 'self' 'unsafe-eval' 'unsafe-inline' 'report-sample';

style-src

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/style-src

Syntax 

style-src 'self' 'unsafe-inline' 'report-sample';

worker-src

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/worker-src

Syntax 

worker-src 'self';

ToDo

default-src

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/default-src

Syntax 

default-src 'self';

Strict-Transport-Security

Syntax in .htaccess

X-Content-Type-Options

Syntax in .htaccess 

Header set X-Content-Type-Options "nosniff"

X-Frame-Options

Syntax in .htaccess 

Header set x-frame-options "sameorigin"

Referrer-Policy

Syntax in .htaccess 

Header set Referrer-Policy "same-origin"

Permissions-Policy

Syntax in .htaccess 

Header set Permissions-Policy "geolocation=()"
Abgerufen von „https://wiki.sehanka.de/index.php?title=Content_Security_Headers&oldid=384