Announcement

Collapse
No announcement yet.

Basic Set of HTTP Headers?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • alphabet
    replied

    only want to do this once per site :)
    Yeah, right!

    Realistically the security policy will need to be maintained. It is best to start small and create a report-only policy. Check the logs and then start adding restrictions.

    https://developer.mozilla.org/en-US/...cy-Report-Only

    Leave a comment:


  • Bruce - PhosphorMedia
    replied
    Yea, that's what got me thinking as a security audit on a site we work on popped up these missing headers. and i assume that i'll need these for the other 40 or so sites we deal with. any other headers folks have found? only want to do this once per site :)

    Leave a comment:


  • alphabet
    replied
    I'm not sure that these are yet recommended but I think the cache and security headers will become more important.

    Headers like x-frames, content-type, xss-protection and csp-directives like default-src and script-src.

    Leave a comment:


  • Bruce - PhosphorMedia
    started a topic Basic Set of HTTP Headers?

    Basic Set of HTTP Headers?

    Of course i did my research first :) but is there a recommended set of HTTP header items to add to miva sites?

Working...
X