Posted on February 11, 2018 at 6:01 pm
This is a quick post about Content-Security-Policy-Report-Only:
Content-Security-Policy-Report-Only: default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri /_csp |
Taken from HTTP headers of https://vimeo.com
To implement it with Nginx use add_header like this:
add_header Content-Security-Policy-Report-Only "default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri /_csp"; |
Other Posts
- PHP Display Date Same as Server HTTP Headers Date
- Google Cloud Load Balancer Firewall Rules
- Create Instance Template out of Disk Snapshot on Google Cloud
- Get User IP Address From Google Cloud Load Balancer
- Connect as Root using WinSCP on Google Cloud Compute Engine
- Become Root on Google Cloud Compute Engine VMs
- Connect to Google Cloud Compute Engine VM via PuTTY SSH
- DigitalOcean Slow, My Experience
Updated Posts
- PHP GetHostByAddr() Slow? Make it Faster
- PHP GetHostByName() Slow? Make it Faster
- How to Match Newline with Strpos() in PHP
- Use PHP Strpos() to Check if a String Starts with
- How to Run a Command with Time Limit in Bash Linux
- Unable to extract and upload PackageInfo.xml
- Stop Bad Bots from Crawling Your Website
- DEB.SURY.ORG Updated the Signing Key (March 2019)