Add Header 'Permissions-Policy'. Add comments to 'Set-Cookie' Header.
parent d00b062265
commit 7de111487f
@ -2,11 +2,11 @@
|
|||||||
# - HTTP security Headers
|
# - HTTP security Headers
|
||||||
# ==========
|
# ==========
|
||||||
|
|
||||||
# You can mitigate most of the common Cross Site Scripting attack using HttpOnly
|
# ----------
|
||||||
# and Secure flag in a cookie. Without having HttpOnly and Secure, it is possible
|
# - You can test yout HTTP Header setting here:
|
||||||
# to steal or manipulate web application session and cookies and it’s dangerous.
|
# - https://securityheaders.com/
|
||||||
#
|
# ----------
|
||||||
#Header always edit Set-Cookie (.*) "$1;HttpOnly;Secure"
|
|
||||||
|
|
||||||
# - X-Frame-Options
|
# - X-Frame-Options
|
||||||
# -
|
# -
|
||||||
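Review bot: typo in the added line `# - You can test yout HTTP Header setting here:`; "yout" should read "your". Otherwise this hunk is fine: the Set-Cookie guidance and the commented-out `#Header always edit Set-Cookie (.*) "$1;HttpOnly;Secure"` that are dropped here reappear under the new `# - Set-Cookie` section in the second hunk, so the guidance is relocated, not lost.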
@ -172,6 +172,41 @@
|
|||||||
# -
|
# -
|
||||||
#Header set Referrer-Policy "strict-origin-when-cross-origin"
|
#Header set Referrer-Policy "strict-origin-when-cross-origin"
|
||||||
|
|
||||||
|
# - Permissions-Policy
|
||||||
|
# -
|
||||||
|
# - see also:
|
||||||
|
# - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy
|
||||||
|
# -
|
||||||
|
# - Browser bieten einige Features und APIs, auf die wir Entwickler zugreifen können.
|
||||||
|
# - Das beinhaltet etwa Kamera und Mikrofon des Endgeräts. Mit einer Permissions Policy
|
||||||
|
# - können wir diese Funktionen für unsere Seite aktivieren, deaktivieren oder auf eine
|
||||||
|
# - Quelle begrenzen. Wenn ihr ein Feature abschaltet, können auch keine Dritten darauf
|
||||||
|
# - zugreifen, etwa per eingebettetem <iframe>. Ihr könnt jedes Feature über eine eigene
|
||||||
|
# - Direktive individuell einrichten.
|
||||||
|
# -
|
||||||
|
# - This specification defines a mechanism that allows developers to selectively enable
|
||||||
|
# - and disable use of various browser features and APIs.
|
||||||
|
# -
|
||||||
|
#Header always set Permissions-Policy: "usb=()"
|
||||||
|
|
||||||
|
# - Set-Cookie
|
||||||
|
# -
|
||||||
|
# - The Set-Cookie HTTP response header is used to send a cookie from the server to the
|
||||||
|
# - user agent, so that the user agent can send it back to the server later. To send
|
||||||
|
# - multiple cookies, multiple Set-Cookie headers should be sent in the same response.
|
||||||
|
# -
|
||||||
|
# - You can mitigate most of the common Cross Site Scripting attack using HttpOnly
|
||||||
|
# - and Secure flag in a cookie. Without having HttpOnly and Secure, it is possible
|
||||||
|
# - to steal or manipulate web application session and cookies and it’s dangerous.
|
||||||
|
# -
|
||||||
|
# - Header always edit Set-Cookie (.*) "$1;HttpOnly;Secure"
|
||||||
|
# -
|
||||||
|
# -
|
||||||
|
# - best possible cookie:
|
||||||
|
# - Header set Set-Cookie: "__Host-sess=a92fe1; path=/; Secure; HttpOnly; SameSite=Strict"
|
||||||
|
#
|
||||||
|
#Header set Set-Cookie: "sess=joh3Ao4e; path=/; HttpOnly"
|
||||||
|
|
||||||
# - HTTP Strict Transport Security (HSTS)
|
# - HTTP Strict Transport Security (HSTS)
|
||||||
# -
|
# -
|
||||||
# - See: https://scotthelme.co.uk/hsts-the-missing-link-in-tls/
|
# - See: https://scotthelme.co.uk/hsts-the-missing-link-in-tls/
|
||||||
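Review bot: the last example in the new Set-Cookie block, `#Header set Set-Cookie: "sess=joh3Ao4e; path=/; HttpOnly"`, lacks the `Secure` flag that the comment block directly above says is needed to keep sessions from being stolen, and as the only non-"# -" example it is the line most likely to be uncommented; either remove it in favour of the `__Host-sess=a92fe1; path=/; Secure; HttpOnly; SameSite=Strict` line or add `Secure` and `SameSite` to it. Also worth a comment: `Header set Set-Cookie ...` replaces any Set-Cookie the application already emitted with this fixed value, so it only works as a demonstration; the `Header always edit Set-Cookie (.*) "$1;HttpOnly;Secure"` form quoted in the same block is the one that adds flags to application cookies, though its `(.*)` pattern will also append the flags to cookies that already carry them. Two smaller points: the header names in `Permissions-Policy:` and `Set-Cookie:` carry a trailing colon while every other directive in the file (e.g. `#Header set Referrer-Policy "strict-origin-when-cross-origin"`) uses the bare name, and the German explanation of Permissions-Policy sits in an otherwise English comment file; translating it, or keeping only the quoted specification sentence that follows it, would keep the comments consistent.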