-
Notifications
You must be signed in to change notification settings - Fork 4
/
security-headers.cfg
18 lines (14 loc) · 1.35 KB
/
security-headers.cfg
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
Header unset X-Powered-By;
Header unset etag;
add_header X-Powered-By "CyberTap HackBack";
add_header X-Content-Type-Options "nosniff";
add_header X-Frame-Options "DENY";
add_header Cross-Origin-Resource-Policy "same-origin";
add_header Cross-Origin-Embedder-Policy 'require-corp; report-to="default"';
add_header Cross-Origin-Opener-Policy 'same-origin; report-to="default"';
add_header Expect-CT 'enforce, max-age=30, report-uri="https://cybertap.report-uri.com/r/d/ct/enforce"';
add_header Referrer-Policy "same-origin";
add_header Content-Security-Policy "default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data: https://www.google-analytics.com;object-src 'none';script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com;style-src 'self' https: 'unsafe-inline';connect-src https://www.google-analytics.com; upgrade-insecure-requests; report-uri https://cybertap.report-uri.com/r/d/csp/enforce; report-to default";
add_header Permissions-Policy "geolocation=(), microphone=(), autoplay=(), camera=()";
add_header Report-To "{\"group\":\"default\",\"max_age\":31536000,\"endpoints\":[{\"url\":\"https://cybertap.report-uri.com/a/d/g\"}],\"include_subdomains\":true}";
add_header NEL "{\"report_to\":\"default\",\"max_age\":31536000,\"include_subdomains\":true}";