Content Security Headers: Unterschied zwischen den Versionen

Aus wiki.sehanka.de
Zur Navigation springen Zur Suche springen
(Die Seite wurde neu angelegt: „ = Bereiche = == Content Security Policy == csp=“ upgrade-insecure-requests; frame-ancestors 'self'; form-action 'self'; base-uri 'self'; connect-src 'self…“)
 
Zeile 4: Zeile 4:
== Content Security Policy ==
== Content Security Policy ==


csp=upgrade-insecure-requests; frame-ancestors 'self'; form-action 'self'; base-uri 'self'; connect-src 'self' data: maps.googleapis.com; default-src 'self'; font-src 'self' data: googletagmanager.com;
=== upgrade-insecure-requests ===
 
 
=== ToDo ===
 
frame-ancestors 'self'; form-action 'self'; base-uri 'self'; connect-src 'self' data: maps.googleapis.com; default-src 'self'; font-src 'self' data: googletagmanager.com;
img-src 'self' blob: data:; manifest-src 'self' data:; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'report-sample'; style-src 'self' 'unsafe-inline' 'report-sample'; worker-src 'self';“
img-src 'self' blob: data:; manifest-src 'self' data:; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'report-sample'; style-src 'self' 'unsafe-inline' 'report-sample'; worker-src 'self';“


Version vom 13. April 2023, 10:23 Uhr

Bereiche

Content Security Policy

upgrade-insecure-requests

ToDo

frame-ancestors 'self'; form-action 'self'; base-uri 'self'; connect-src 'self' data: maps.googleapis.com; default-src 'self'; font-src 'self' data: googletagmanager.com; img-src 'self' blob: data:; manifest-src 'self' data:; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'report-sample'; style-src 'self' 'unsafe-inline' 'report-sample'; worker-src 'self';“

Strict-Transport-Security

X-Content-Type-Options

X-Frame-Options

Referrer-Policy

Permissions-Policy

Abgerufen von „https://wiki.sehanka.de/index.php?title=Content_Security_Headers&oldid=361