Update security headers

Question

Update security headers

h-enk opened this issue 5 years ago · comments

/*
  Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
  X-Content-Type-Options: nosniff
  X-XSS-Protection: 1; mode=block
  Content-Security-Policy: default-src 'self'; img-src 'self'; object-src 'none'
  X-Frame-Options: SAMEORIGIN
  Referrer-Policy: strict-origin
  Feature-Policy: vibrate 'self'; usermedia *; sync-xhr 'self' https://getvalidate.com
  Cache-Control: public, max-age=31536000

Henk Verlinde · Answer 1 · Wed Mar 25 2020 16:18:19 GMT+0800 (China Standard Time)

Allow for data:image/svg+xml;base64:

  Content-Security-Policy: default-src 'self'; img-src 'self' data:; object-src 'none'

Henk Verlinde · Answer 2 · Wed Mar 25 2020 17:03:16 GMT+0800 (China Standard Time)

  Feature-Policy: geolocation 'self'