Posted on February 11, 2018 at 6:01 pm
This is a quick post about Content-Security-Policy-Report-Only:
Content-Security-Policy-Report-Only: default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri /_csp |
Taken from HTTP headers of https://vimeo.com
To implement it with Nginx use add_header like this:
add_header Content-Security-Policy-Report-Only "default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri /_csp"; |
Other Posts
- Edit /etc/hosts on Mac OSX
- Set $_SERVER['REQUEST_URI'] when running PHP script from terminal
- View All Available Code Sign Certificates on USB Token
- Close program with ESC key in Delphi
- Create a Custom Mount Point with Noexec on Debian
- How to Secure /tmp and /var/tmp on your VPS
- IP anonymization with analytics.js - Google Analytics
- IP anonymization with gtag.js - Google Analytics
Updated Posts
- Integrate Disqus on WordPress programmatically
- Disable Compression when Encrypting with GNU GPG
- ERROR 1932 (42S02): Table doesn't exist in engine
- Minify & Compress CSS with online tools
- Unminify CSS and Javascript with online tools
- SMS messages from 1-410-200-500 are a scam
- Email addresses associated with suspicious online shops
- Suspicious online shops from helpandserving@gmail.com