Add basic HTTP security headers
basic HTTP security headers:
- X-XSS-Protection: 1; mode=block
- X-Frame-Options: DENY
- X-Content-Type-Options: nosniff
- Referrer-Policy: same-origin
optional HTTP security headers:
- Strict-Transport-Security: max-age=15768000 (only if https is activated)
- Content-Security-Policy: default-src 'none'; style-src 'self'; (...)
todo list:
- Test - the basic HTTP security headers are correctly returned to the web browser for a list of pages (home page, contact form, ...)
- add HTTP security headers for all HTML pages.
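
One way to cover the "Test" item, as an added example that is not part of the original issue or the project's code: it checks a response against the header values listed above and expects Strict-Transport-Security only on https URLs. The names `check_headers` and `check_site`, the strict value match and the sample headers are assumptions made for illustration.

```python
from urllib.request import urlopen

# Expected values are the ones listed in this issue.
BASIC = {
    "X-XSS-Protection": "1; mode=block",
    "X-Frame-Options": "DENY",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "same-origin",
}
HSTS = ("Strict-Transport-Security", "max-age=15768000")

# Constructed sample response headers (not captured from a real site).
SAMPLE = [("x-frame-options", "deny"), ("X-Content-Type-Options", "nosniff"),
          ("X-XSS-Protection", "1;mode=block"), ("Referrer-Policy", "no-referrer")]


def _norm(value):
    # Compare case-insensitively and ignore whitespace around ';' separators.
    return ";".join(part.strip().lower() for part in value.split(";"))


def check_headers(url, headers):
    """Return the problems found in one response; an empty list means OK."""
    got = {}
    for name, value in headers:  # iterable of (name, value) pairs
        got.setdefault(name.lower(), []).append(value)
    expected = dict(BASIC)
    if url.lower().startswith("https://"):  # HSTS only if https is activated
        expected[HSTS[0]] = HSTS[1]
    problems = []
    for name, want in expected.items():
        values = got.get(name.lower(), [])
        if not values:
            problems.append(f"{name}: missing")
        elif len(values) > 1:  # duplicates are handled inconsistently by browsers
            problems.append(f"{name}: sent {len(values)} times")
        elif _norm(values[0]) != _norm(want):
            problems.append(f"{name}: got {values[0]!r}, want {want!r}")
    return problems


def check_site(base_url, paths):
    """Fetch each page and map path -> problems (needs network access)."""
    report = {}
    for path in paths:
        with urlopen(base_url.rstrip("/") + path, timeout=10) as resp:
            report[path] = check_headers(resp.url, resp.headers.items())
    return report
```

`check_site` takes the site's base URL and the list of page paths to test (home page, contact form, ...); a page passes when its list of problems is empty.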