Posted on February 11, 2018 at 6:01 pm
This is a quick post about Content-Security-Policy-Report-Only:
Content-Security-Policy-Report-Only: default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri /_csp |
Taken from HTTP headers of https://vimeo.com
To implement it with Nginx use add_header like this:
add_header Content-Security-Policy-Report-Only "default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri /_csp"; |
Other Posts
- How to Disable Hibernation on Windows 10
- Disable Windows Defender on Windows 10 via Regedit
- Install Latest NVIDIA Drivers for Windows 10
- How to improve security of encrypted hard disks
- Get Server IP Address with Ifconfig and IP in Bash
- bash: ipconfig: command not found
- Check if a number is within a range in bash
- Linux Commands to Check HDD from Rescue Mode
Updated Posts
- Double Opt-in Email Newsletter Made Right (by Yoast)
- Let's Encrypt on Nginx and SSL Grade A+
- Free Email Ticketing Systems for Startups
- Delphi URLEncode like PHP
- Delphi Function to Parse JSON Unicode Chars
- Ask Users What Features They Need (Product Roadmap)
- Make Your Domain Emails Not Spoofeable
- Create Documentations Easily with GitBook