Posted on February 11, 2018 at 6:01 pm
This is a quick post about Content-Security-Policy-Report-Only:
Content-Security-Policy-Report-Only: default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri /_csp |
Taken from HTTP headers of https://vimeo.com
To implement it with Nginx use add_header like this:
add_header Content-Security-Policy-Report-Only "default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri /_csp"; |
Other Posts
- PHP Generate Secure Random Passwords
- Google Cloud SQL and Public IP Address Security
- How to use Highlight.js to highlight code
- Nginx HTTP to HTTPS and non-www to www behind Google Load Balancer
- Quota 'IN_USE_ADDRESSES' exceeded. Limit: 8.0 in region
- Only allow Google Load Balancer traffic (Firewall Rules)
- Lost connection during Debian apt-get upgrade
- Bootstrap 3 Navbar with Logo Image
Updated Posts
- PHP StrToTime() Returns Incorrect Timestamp '-1 MONTH'
- PHP Correctly Get Last 12 Months (Month per Month)
- Nginx Redirect From a Website to Another Website
- PHP Multi-cURL to Run Parallel cURL Requests (Example)
- Let's Encrypt on Nginx and SSL Grade A+
- Vertically align Facebook and Twitter share buttons
- Download Windows 10 ISO without Media Creation Tool
- DEB.SURY.ORG Updated the Signing Key (March 2019)