Bereiche[Bearbeiten]

Content Security Policy[Bearbeiten]

upgrade-insecure-requests[Bearbeiten]

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/upgrade-insecure-requests

Syntax

upgrade-insecure-requests;

frame-ancestors[Bearbeiten]

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors

Syntax

frame-ancestors 'self';

form-action[Bearbeiten]

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/form-action

Syntax

form-action 'self';

base-uri[Bearbeiten]

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/base-uri

Syntax

base-uri 'self';

connect-src[Bearbeiten]

Syntax

connect-src 'self' data: maps.googleapis.com;

font-src[Bearbeiten]

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/font-src

Syntax

font-src 'self';

img-src 'self'[Bearbeiten]

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/img-src

Syntax

img-src 'self';

manifest-src[Bearbeiten]

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/manifest-src

Syntax

manifest-src 'self';

object-src[Bearbeiten]

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/object-src

Syntax

object-src 'self';

script-src[Bearbeiten]

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src

Syntax

script-src 'self' 'unsafe-eval' 'unsafe-inline' 'report-sample';

style-src[Bearbeiten]

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/style-src

Syntax

style-src 'self' 'unsafe-inline' 'report-sample';

worker-src[Bearbeiten]

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/worker-src

Syntax

worker-src 'self';

ToDo[Bearbeiten]

default-src[Bearbeiten]

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/default-src

Syntax

default-src 'self';

Strict-Transport-Security[Bearbeiten]

Syntax in .htaccess

Header set Strict-Transport-Security "max-age=2592000; includeSubDomains; preload"

X-Content-Type-Options[Bearbeiten]

Syntax in .htaccess

Header set X-Content-Type-Options "nosniff"

X-Frame-Options[Bearbeiten]

Syntax in .htaccess

Header set x-frame-options "sameorigin"

Referrer-Policy[Bearbeiten]

Integration[Bearbeiten]

via HTML[Bearbeiten]

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy#integration_with_html

Syntax

<meta name="referrer" content="same-origin" />

via .htaccess[Bearbeiten]

Syntax

Header set Referrer-Policy "same-origin"

Permissions-Policy[Bearbeiten]

https://developer.mozilla.org/en-US/docs/Web/HTTP/Permissions_Policy

Syntax in .htaccess

Header set Permissions-Policy "geolocation=()"

Content Security Headers

Inhaltsverzeichnis

Bereiche[Bearbeiten]

Content Security Policy[Bearbeiten]

upgrade-insecure-requests[Bearbeiten]

frame-ancestors[Bearbeiten]

form-action[Bearbeiten]

base-uri[Bearbeiten]

connect-src[Bearbeiten]

font-src[Bearbeiten]

img-src 'self'[Bearbeiten]

manifest-src[Bearbeiten]

object-src[Bearbeiten]

script-src[Bearbeiten]

style-src[Bearbeiten]

worker-src[Bearbeiten]

ToDo[Bearbeiten]

default-src[Bearbeiten]

Strict-Transport-Security[Bearbeiten]

X-Content-Type-Options[Bearbeiten]

X-Frame-Options[Bearbeiten]

Referrer-Policy[Bearbeiten]

Integration[Bearbeiten]

via HTML[Bearbeiten]

via .htaccess[Bearbeiten]

Permissions-Policy[Bearbeiten]

Navigationsmenü

Suche