Posted on February 11, 2018 at 6:01 pm
This is a quick post about Content-Security-Policy-Report-Only:
Content-Security-Policy-Report-Only: default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri /_csp |
Taken from HTTP headers of https://vimeo.com
To implement it with Nginx use add_header like this:
add_header Content-Security-Policy-Report-Only "default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri /_csp"; |
Other Posts
- NodeJs Request.Get Example with Error Handling
- NodeJs HTTPS.Get Example with Error Handling
- How to Find PHP.ini Location
- How to Enable Display of Errors in PHP
- Go One Directory Level Up/Back with Dirname() in PHP
- Save a String to File in Python
- Create a File Name with Current Date & Time in Python
- Get Current Script Path in Python
Updated Posts
- Compress Word, Excel and PowerPoint Office Documents
- Download OpenVPN 2.4.7 and TAP-Windows
- api-ms-win-crt-runtime-l1-1-0.dll is missing
- jQuery Get File Extension Before Uploading File
- Estimate Number of Visitors and Pageviews of any Website
- How to Configure OVH Email POP3 with Thunderbird
- Simple jQuery File Upload SimpleUpload.js
- Repeat AJAX GET Until a Specific Response is Met in jQuery