programming (and other) musings
04 May 2020



i've been learning a tiny bit about web security at mozilla's Web Security pages, and used their Mozilla Observatory to analyze this site and make it a bit safer. it was just a matter of adding a handful of headers to the webserver configuration, to wit:

Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff
Header set X-XSS-Protection "1; mode=block"
Header always set Content-Security-Policy \
  "default-src 'self'; img-src 'self'; font-src 'self'; object-src 'none'"
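
To confirm the headers above are really being sent, this added example (not part of the original post) audits a raw response head against that list. The two sample responses are constructed, and the 404 case assumes Apache's documented behaviour that a `Header set` line without `always` is not applied to error responses.

```python
# Expected headers, copied from the configuration above (names are case-insensitive).
EXPECTED = {
    "strict-transport-security": "max-age=63072000; includeSubdomains;",
    "x-frame-options": "DENY",
    "x-content-type-options": "nosniff",
    "x-xss-protection": "1; mode=block",
    "content-security-policy":
        "default-src 'self'; img-src 'self'; font-src 'self'; object-src 'none'",
}

def parse_headers(raw):
    """Return (status_code, {lowercased-name: value}) from a raw HTTP response head."""
    lines = raw.strip().splitlines()
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def audit(raw):
    """List the expected headers that are missing or carry a different value."""
    _, headers = parse_headers(raw)
    problems = []
    for name, want in EXPECTED.items():
        got = headers.get(name)
        if got is None:
            problems.append(f"missing: {name}")
        elif got.lower() != want.lower():
            problems.append(f"unexpected value for {name}: {got!r}")
    return problems

def sample(status_line, names):
    """Build a constructed response head (not captured from the real site)."""
    return "\r\n".join([status_line] + [f"{n}: {EXPECTED[n]}" for n in names])

OK_200 = sample("HTTP/1.1 200 OK", list(EXPECTED))
# Assumption: on an error response only the `Header always set` lines apply,
# so X-XSS-Protection (set without `always`) is absent.
ERR_404 = sample("HTTP/1.1 404 Not Found",
                 [n for n in EXPECTED if n != "x-xss-protection"])

if __name__ == "__main__":
    for label, raw in (("200", OK_200), ("404", ERR_404)):
        print(label, audit(raw) or "all expected headers present")
```

To run the same audit against a live site, pass the header block printed by `curl -sI` for both a normal page and a nonexistent one.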
Creative Commons License by jao is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.