Posted on February 11, 2018 at 6:01 pm
This is a quick post about Content-Security-Policy-Report-Only:
Content-Security-Policy-Report-Only: default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri /_csp |
Taken from HTTP headers of https://vimeo.com
To implement it with Nginx use add_header like this:
add_header Content-Security-Policy-Report-Only "default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri /_csp"; |
Other Posts
- How to Find PHP.ini Location
- How to Enable Display of Errors in PHP
- Go One Directory Level Up/Back with Dirname() in PHP
- Save a String to File in Python
- Create a File Name with Current Date & Time in Python
- Get Current Script Path in Python
- Python Wildcard Search a String or Array
- Get Current Script Path in PHP
Updated Posts
- api-ms-win-crt-runtime-l1-1-0.dll is missing
- jQuery Get File Extension Before Uploading File
- Estimate Number of Visitors and Pageviews of any Website
- How to Configure OVH Email POP3 with Thunderbird
- Simple jQuery File Upload SimpleUpload.js
- Repeat AJAX GET Until a Specific Response is Met in jQuery
- Calculate Elapsed Time of a Function in jQuery
- Convert Seconds to H:M:S in jQuery