Posted on February 11, 2018 at 6:01 pm
This is a quick post about Content-Security-Policy-Report-Only:
Content-Security-Policy-Report-Only: default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri /_csp |
Taken from HTTP headers of https://vimeo.com
To implement it with Nginx use add_header like this:
add_header Content-Security-Policy-Report-Only "default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri /_csp"; |
Other Posts
- Download TeamViewer Offline Installer for Windows
- Download HMA VPN Installer for Windows
- Download Netflix App for Windows 10
- Download Rufus - Create bootable USB drives from ISOs
- Download Adobe Acrobat Reader DC 18 Offline Installer
- Download BitDefender 2018 Offline Installer (Direct Download)
- Download DriverPack - A Free Driver Updater for Windows
- Download ImgBurn (Free) for Windows
Updated Posts
- IP anonymization with analytics.js - Google Analytics
- IP anonymization with gtag.js - Google Analytics
- Let's Encrypt on Nginx and SSL Grade A+
- Lets Encrypt certificate failed to renew
- Renew an expired Lets Encrypt / Certbot certificate
- GDPR Recommendations for AdSense Publishers
- Stop Personalized ads for European EU Traffic on AdSense
- Enable BitLocker to Prompt for Password (not PIN) on Startup