mirror of
https://github.com/PrivSec-dev/privsec.dev.git
synced 2024-12-26 07:49:45 -05:00
Add upgrade-insecure-requests;
This commit is contained in:
parent
f8fea8190a
commit
0f9f94d2ce
@ -81,7 +81,7 @@ add_header Content-Security-Policy "default-src 'none'; connect-src 'self' https
|
||||
#### If you do not use Gravatar with SOGo
|
||||
|
||||
```
|
||||
add_header Content-Security-Policy "default-src 'none'; connect-src 'self' https://api.github.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none'";
|
||||
add_header Content-Security-Policy "default-src 'none'; connect-src 'self' https://api.github.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'none'";
|
||||
```
|
||||
|
||||
### Cross-Origin Resource, Opener, and Embedder Policies
|
||||
|
@ -1,6 +1,6 @@
|
||||
/*
|
||||
Strict-Transport-Security : max-age=63072000; includeSubDomains; preload
|
||||
Content-Security-Policy : default-src 'none'; connect-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; form-action 'none'; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none'
|
||||
Content-Security-Policy : default-src 'none'; connect-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; form-action 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'none'
|
||||
X-Content-Type-Options : nosniff
|
||||
Referrer-Policy : no-referrer
|
||||
X-Frame-Options : DENY
|
||||
@ -12,27 +12,27 @@
|
||||
|
||||
/posts/knowledge/multi-factor-authentication/
|
||||
! Content-Security-Policy
|
||||
Content-Security-Policy : default-src 'none'; connect-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; frame-src https://www.youtube-nocookie.com https://www.google.com; form-action 'none'; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none'
|
||||
Content-Security-Policy : default-src 'none'; connect-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; frame-src https://www.youtube-nocookie.com https://www.google.com; form-action 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'none'
|
||||
Cross-Origin-Embedder-Policy : unsafe-none
|
||||
|
||||
/posts/android/android-tips/
|
||||
! Content-Security-Policy
|
||||
Content-Security-Policy : default-src 'none'; connect-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; frame-src https://www.youtube-nocookie.com https://www.google.com; form-action 'none'; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none'
|
||||
Content-Security-Policy : default-src 'none'; connect-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; frame-src https://www.youtube-nocookie.com https://www.google.com; form-action 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'none'
|
||||
Cross-Origin-Embedder-Policy : unsafe-none
|
||||
|
||||
/posts/android/choosing-your-android-based-operating-system/
|
||||
! Content-Security-Policy
|
||||
Content-Security-Policy : default-src 'none'; connect-src 'self'; img-src 'self' https://i.ytimg.com; script-src 'self'; style-src 'self'; frame-src https://www.youtube-nocookie.com https://www.google.com; form-action 'none'; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none'
|
||||
Content-Security-Policy : default-src 'none'; connect-src 'self'; img-src 'self' https://i.ytimg.com; script-src 'self'; style-src 'self'; frame-src https://www.youtube-nocookie.com https://www.google.com; form-action 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'none'
|
||||
Cross-Origin-Embedder-Policy : unsafe-none
|
||||
|
||||
/posts/linux/choosing-your-desktop-linux-distribution/
|
||||
! Content-Security-Policy
|
||||
Content-Security-Policy : default-src 'none'; connect-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; frame-src https://www.youtube-nocookie.com https://www.google.com; form-action 'none'; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none'
|
||||
Content-Security-Policy : default-src 'none'; connect-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; frame-src https://www.youtube-nocookie.com https://www.google.com; form-action 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'none'
|
||||
Cross-Origin-Embedder-Policy : unsafe-none
|
||||
|
||||
/posts/linux/desktop-linux-hardening/
|
||||
! Content-Security-Policy
|
||||
Content-Security-Policy : default-src 'none'; connect-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; frame-src https://www.youtube-nocookie.com https://www.google.com; form-action 'none'; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none'
|
||||
Content-Security-Policy : default-src 'none'; connect-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; frame-src https://www.youtube-nocookie.com https://www.google.com; form-action 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'none'
|
||||
Cross-Origin-Embedder-Policy : unsafe-none
|
||||
|
||||
/*.xml
|
||||
|
Loading…
Reference in New Issue
Block a user