Posted on February 11, 2018 at 6:01 pm
This is a quick post about Content-Security-Policy-Report-Only:
Content-Security-Policy-Report-Only: default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri /_csp |
Taken from HTTP headers of https://vimeo.com
To implement it with Nginx use add_header like this:
add_header Content-Security-Policy-Report-Only "default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri /_csp"; |
Other Posts
- Calculate Elapsed Time of a Function in jQuery
- Convert Seconds to H:M:S in jQuery
- Truncate a String by Custom Length in jQuery
- Convert POST Fields to Objects in jQuery
- How to Sleep/Wait in jQuery (Synchronous)
- How to Install and Configure Mitmproxy on Windows
- Exclude Packages from Apt-Get Upgrade on Debian Linux
- What is the Correct JSON Content-Type for HTTP Headers?
Updated Posts
- Download Latest Raspbian ISO for Raspberry Pi
- What is Default Raspbian Raspberry Pi Password
- How to Install Pi-Hole on Raspbian for Raspberry Pi
- 3 Cards in a Row with Bootstrap 4.4
- Debug 502 Errors in Google Cloud Load Balancer
- Python if-then-else in one line example
- How to urlencode() an URL in Python3
- How to Install Python PIP on Debian