ASRG / asrg.io

asrg.io - website and docs
MIT License

Add HSTS Policy #377

Closed heldyboy closed 2 years ago

heldyboy commented 2 years ago

https://digital.com/best-web-hosting/wordpress/security/

donald-king commented 2 years ago

```nginx
add_header Strict-Transport-Security max-age=10886400;
add_header X-Xss-Protection "1; mode=block" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Content-Security-Policy "default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self';";
```

These headers were added to the nginx.conf file and resulted in no change to the results on securityheaders.com.
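An added example, not part of any comment in this thread and not the project's code: a local audit of a response head for the five headers listed above, with the HSTS rules from RFC 6797 (ignored over plain HTTP, only the first header processed, `max-age` required). The function names, the sample response and the use of 10886400 as the minimum `max-age` are assumptions made for this example.

```python
# Headers named in the nginx snippet above, lower-cased for comparison.
EXPECTED = ["strict-transport-security", "x-xss-protection", "x-frame-options",
            "x-content-type-options", "content-security-policy"]

def parse_headers(raw):
    """Parse a raw HTTP response head into {lower-case name: [values]}."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:   # skip the status line
        if not line.strip():
            break                               # blank line ends the head
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def check_hsts(values, scheme, min_age=10886400):
    """Return a list of problems with the Strict-Transport-Security header."""
    if scheme != "https":
        return ["HSTS is ignored by browsers on plain-HTTP responses"]
    if not values:
        return ["header missing"]
    problems = []
    if len(values) > 1:
        problems.append("header sent more than once; only the first is processed")
    directives = [d.strip().lower() for d in values[0].split(";") if d.strip()]
    ages = [v.strip().strip('"') for k, _, v in
            (d.partition("=") for d in directives) if k.strip() == "max-age"]
    if not ages or not ages[0].isdigit():
        problems.append("max-age missing or malformed")
    elif int(ages[0]) < min_age:
        problems.append("max-age %s below %d" % (ages[0], min_age))
    return problems

def audit(raw, scheme="https"):
    """Return (expected headers that are absent, HSTS problems)."""
    headers = parse_headers(raw)
    missing = [h for h in EXPECTED if h not in headers]
    return missing, check_hsts(headers.get("strict-transport-security", []), scheme)

# Constructed sample response head (not captured from asrg.io).
SAMPLE = """HTTP/1.1 200 OK
Server: nginx
Strict-Transport-Security: max-age=10886400
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Feed it the head of a real response (for example the output of `curl -sI` saved to a file) to see what the server actually sends before re-running an external scan.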

usman-asrg commented 2 years ago

According to the link you shared above, I found the way to add the HSTS header.

usman-asrg commented 2 years ago

@heldyboy By following the instructions, I have added the HSTS header.