Posted on February 11, 2018 at 6:01 pm
This is a quick post about Content-Security-Policy-Report-Only:
Content-Security-Policy-Report-Only: default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri /_csp |
Taken from HTTP headers of https://vimeo.com
To implement it with Nginx use add_header like this:
add_header Content-Security-Policy-Report-Only "default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri /_csp"; |
Other Posts
- Block Paltalk Ads (and Others) via Hosts file
- E: Sub-process /usr/bin/dpkg returned an error code (2)
- How to Validate JSON in PHP
- The program can’t start because VCRUNTIME140.DLL is missing
- PHP CURL Download Remote URL to File
- PHP Check if a file was modified more than 1 hour ago
- Linux -bash: Input/output error or -bash: Read-only file system
- Dropzone.js: Drag’n’Drop File Uploads with Image Previews
Updated Posts
- Lost connection during Debian apt-get upgrade
- Bootstrap 3 Navbar with Logo Image
- Redis HMGET, HGETALL, HSET, HGET Benchmark
- PHP GetHostByName() Slow? Make it Faster
- Use Timestamp with new DateTime() in PHP
- Calculate Elapsed Time Between Two Dates in PHP
- PHP Display Date Same as Server HTTP Headers Date
- PHP cURL Download Size Limit