bnomei / kirby3-security-headers

Kirby Plugin for easier Security Headers setup
https://forum.getkirby.com/t/kirby3-security-headers-best-practice-headers-nonce-csp-and-feature-policies/23583
MIT License

[FAQ] Which policies should I create? #7

Open bnomei opened 5 years ago

bnomei commented 5 years ago

Question: Which policies should I create?

Answer: The default values for this plugin are a good start and in most cases you just need to define some additional policies. Just make sure not to weaken the policies by enabling unsafe-inline etc. Try finding the secure way to do these things.

  1. Record what you use: https://addons.mozilla.org/en-US/firefox/addon/laboratory-by-mozilla/
  2. Generate full list: https://www.cspisawesome.com/
  3. Set it up with this plugin
  4. Validate if it works: http://securityheaders.com/
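
To check a policy locally before step 4, the following added example (not part of the original post or the plugin's code) parses a Content-Security-Policy value and reports the weakening settings the answer warns about. The function names and the sample policies are constructed for illustration.

```python
# Added example: lint a Content-Security-Policy header value for weak settings.
# Names and sample policies are assumptions made for this illustration.
WEAK_KEYWORDS = ("'unsafe-inline'", "'unsafe-eval'")
BROAD_SOURCES = ("*", "http:", "https:", "data:")
CHECKED = ("default-src", "script-src", "style-src")
NONCE_OR_HASH = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")


def parse_csp(value):
    """Split a CSP header value into {directive: [source, ...]} (lowercased)."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            # A repeated directive is ignored by browsers: the first one wins.
            policy.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
    return policy


def audit_csp(value):
    """Return (directive, issue) tuples for settings that weaken the policy."""
    policy = parse_csp(value)
    findings = []
    if "default-src" not in policy:
        # Without default-src, fetch directives that are not listed have no fallback.
        findings.append(("default-src", "missing"))
    for name in CHECKED:
        sources = policy.get(name, [])
        strict = any(s.startswith(NONCE_OR_HASH) for s in sources)
        for src in sources:
            if src == "'unsafe-inline'" and strict:
                # CSP2+ browsers ignore 'unsafe-inline' when the same
                # directive carries a nonce or hash, so it is not reported.
                continue
            if src in WEAK_KEYWORDS or src in BROAD_SOURCES:
                findings.append((name, src))
    return findings


# Constructed sample policies.
WEAK = "default-src 'self'; script-src 'self' 'unsafe-inline' https:; style-src 'self'"
STRICT = "default-src 'none'; script-src 'self' 'nonce-r4nd0m'; style-src 'self'"

if __name__ == "__main__":
    for label, value in (("weak", WEAK), ("strict", STRICT)):
        print(label, audit_csp(value))
```
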