Improve security headers documentation
Refresh and reorder links
This commit is contained in:
parent
4b773f0967
commit
f6e5a123e2
|
@ -19,9 +19,10 @@
|
|||
# such as:
|
||||
# https://csp-evaluator.withgoogle.com
|
||||
#
|
||||
# https://csp.withgoogle.com/docs/
|
||||
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
|
||||
# https://www.html5rocks.com/en/tutorials/security/content-security-policy/
|
||||
# https://www.w3.org/TR/CSP/
|
||||
# https://owasp.org/www-project-secure-headers/#content-security-policy
|
||||
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
|
||||
# https://developers.google.com/web/fundamentals/security/csp
|
||||
# https://content-security-policy.com/
|
||||
|
||||
add_header Content-Security-Policy $content_security_policy always;
|
||||
|
|
|
@ -17,7 +17,9 @@
|
|||
# https://securityheaders.com/
|
||||
# https://observatory.mozilla.org/
|
||||
#
|
||||
# https://scotthelme.co.uk/a-new-security-header-referrer-policy/
|
||||
# https://www.w3.org/TR/referrer-policy/
|
||||
# https://owasp.org/www-project-secure-headers/#referrer-policy
|
||||
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
|
||||
# https://scotthelme.co.uk/a-new-security-header-referrer-policy/
|
||||
|
||||
add_header Referrer-Policy $referrer_policy always;
|
||||
|
|
|
@ -28,9 +28,9 @@
|
|||
# https://hstspreload.org/#deployment-recommendations
|
||||
#
|
||||
# https://tools.ietf.org/html/rfc6797#section-6.1
|
||||
# https://owasp.org/www-project-secure-headers/#http-strict-transport-security
|
||||
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
|
||||
# https://www.html5rocks.com/en/tutorials/security/transport-layer-security/
|
||||
# https://blogs.msdn.microsoft.com/ieinternals/2014/08/18/strict-transport-security/
|
||||
# https://hstspreload.org/
|
||||
|
||||
add_header Strict-Transport-Security "max-age=16070400; includeSubDomains" always;
|
||||
|
|
|
@ -9,6 +9,7 @@
|
|||
# user-uploaded content or content that could potentially be treated as
|
||||
# executable by the browser.
|
||||
#
|
||||
# https://owasp.org/www-project-secure-headers/#x-content-type-options
|
||||
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
|
||||
# https://blogs.msdn.microsoft.com/ie/2008/07/02/ie8-security-part-v-comprehensive-protection/
|
||||
# https://mimesniff.spec.whatwg.org/
|
||||
|
|
|
@ -29,9 +29,9 @@
|
|||
# (!) The `Content-Security-Policy` header has a `frame-ancestors` directive
|
||||
# which obsoletes this header for supporting browsers.
|
||||
#
|
||||
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
|
||||
# https://tools.ietf.org/html/rfc7034
|
||||
# https://blogs.msdn.microsoft.com/ieinternals/2010/03/30/combating-clickjacking-with-x-frame-options/
|
||||
# https://www.owasp.org/index.php/Clickjacking
|
||||
# https://owasp.org/www-project-secure-headers/#x-frame-options
|
||||
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
|
||||
# https://docs.microsoft.com/archive/blogs/ieinternals/combating-clickjacking-with-x-frame-options
|
||||
|
||||
add_header X-Frame-Options $x_frame_options always;
|
||||
|
|
Loading…
Reference in New Issue