mirror of
https://github.com/PrivSec-dev/privsec.dev
synced 2024-12-22 04:41:33 -05:00
Add upgrade-insecure-requests;
This commit is contained in:
parent
f8fea8190a
commit
0f9f94d2ce
@ -81,7 +81,7 @@ add_header Content-Security-Policy "default-src 'none'; connect-src 'self' https
|
|||||||
#### If you do not use Gravatar with SOGo
|
#### If you do not use Gravatar with SOGo
|
||||||
|
|
||||||
```
|
```
|
||||||
add_header Content-Security-Policy "default-src 'none'; connect-src 'self' https://api.github.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none'";
|
add_header Content-Security-Policy "default-src 'none'; connect-src 'self' https://api.github.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'none'";
|
||||||
```
|
```
|
||||||
|
|
||||||
### Cross-Origin Resource, Opener, and Embedder Policies
|
### Cross-Origin Resource, Opener, and Embedder Policies
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
/*
|
/*
|
||||||
Strict-Transport-Security : max-age=63072000; includeSubDomains; preload
|
Strict-Transport-Security : max-age=63072000; includeSubDomains; preload
|
||||||
Content-Security-Policy : default-src 'none'; connect-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; form-action 'none'; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none'
|
Content-Security-Policy : default-src 'none'; connect-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; form-action 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'none'
|
||||||
X-Content-Type-Options : nosniff
|
X-Content-Type-Options : nosniff
|
||||||
Referrer-Policy : no-referrer
|
Referrer-Policy : no-referrer
|
||||||
X-Frame-Options : DENY
|
X-Frame-Options : DENY
|
||||||
@ -12,27 +12,27 @@
|
|||||||
|
|
||||||
/posts/knowledge/multi-factor-authentication/
|
/posts/knowledge/multi-factor-authentication/
|
||||||
! Content-Security-Policy
|
! Content-Security-Policy
|
||||||
Content-Security-Policy : default-src 'none'; connect-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; frame-src https://www.youtube-nocookie.com https://www.google.com; form-action 'none'; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none'
|
Content-Security-Policy : default-src 'none'; connect-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; frame-src https://www.youtube-nocookie.com https://www.google.com; form-action 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'none'
|
||||||
Cross-Origin-Embedder-Policy : unsafe-none
|
Cross-Origin-Embedder-Policy : unsafe-none
|
||||||
|
|
||||||
/posts/android/android-tips/
|
/posts/android/android-tips/
|
||||||
! Content-Security-Policy
|
! Content-Security-Policy
|
||||||
Content-Security-Policy : default-src 'none'; connect-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; frame-src https://www.youtube-nocookie.com https://www.google.com; form-action 'none'; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none'
|
Content-Security-Policy : default-src 'none'; connect-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; frame-src https://www.youtube-nocookie.com https://www.google.com; form-action 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'none'
|
||||||
Cross-Origin-Embedder-Policy : unsafe-none
|
Cross-Origin-Embedder-Policy : unsafe-none
|
||||||
|
|
||||||
/posts/android/choosing-your-android-based-operating-system/
|
/posts/android/choosing-your-android-based-operating-system/
|
||||||
! Content-Security-Policy
|
! Content-Security-Policy
|
||||||
Content-Security-Policy : default-src 'none'; connect-src 'self'; img-src 'self' https://i.ytimg.com; script-src 'self'; style-src 'self'; frame-src https://www.youtube-nocookie.com https://www.google.com; form-action 'none'; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none'
|
Content-Security-Policy : default-src 'none'; connect-src 'self'; img-src 'self' https://i.ytimg.com; script-src 'self'; style-src 'self'; frame-src https://www.youtube-nocookie.com https://www.google.com; form-action 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'none'
|
||||||
Cross-Origin-Embedder-Policy : unsafe-none
|
Cross-Origin-Embedder-Policy : unsafe-none
|
||||||
|
|
||||||
/posts/linux/choosing-your-desktop-linux-distribution/
|
/posts/linux/choosing-your-desktop-linux-distribution/
|
||||||
! Content-Security-Policy
|
! Content-Security-Policy
|
||||||
Content-Security-Policy : default-src 'none'; connect-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; frame-src https://www.youtube-nocookie.com https://www.google.com; form-action 'none'; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none'
|
Content-Security-Policy : default-src 'none'; connect-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; frame-src https://www.youtube-nocookie.com https://www.google.com; form-action 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'none'
|
||||||
Cross-Origin-Embedder-Policy : unsafe-none
|
Cross-Origin-Embedder-Policy : unsafe-none
|
||||||
|
|
||||||
/posts/linux/desktop-linux-hardening/
|
/posts/linux/desktop-linux-hardening/
|
||||||
! Content-Security-Policy
|
! Content-Security-Policy
|
||||||
Content-Security-Policy : default-src 'none'; connect-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; frame-src https://www.youtube-nocookie.com https://www.google.com; form-action 'none'; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none'
|
Content-Security-Policy : default-src 'none'; connect-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; frame-src https://www.youtube-nocookie.com https://www.google.com; form-action 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'none'
|
||||||
Cross-Origin-Embedder-Policy : unsafe-none
|
Cross-Origin-Embedder-Policy : unsafe-none
|
||||||
|
|
||||||
/*.xml
|
/*.xml
|
||||||
|
Loading…
Reference in New Issue
Block a user