mdPlusPlus / lempstack

LEMP Installer for Debian/Ubuntu - Linux, NGINX, MySQL, PHP
MIT License

Add security related headers #4

Open mdPlusPlus opened 6 years ago

mdPlusPlus commented 6 years ago

See https://securityheaders.com (currently C rating).

mdPlusPlus commented 5 years ago

As of https://github.com/mdPlusPlus/lempstack/commit/1b277692506ddca4dd98ba18a1d231dde2392f3b we achieve an A+ rating from https://securityheaders.com. Maybe there should be some further fine-tuning.

Details:

| Header | Value |
| --- | --- |
| Content-Security-Policy | default-src 'https:' |
| Referrer-Policy | same-origin |
| X-Content-Type-Options | nosniff |
| X-Frame-Options | DENY |
| X-Xss-Protection | 1; mode=block |
| Strict-Transport-Security | max-age=63072000; includeSubdomains; preload |

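
A regression check for the header set in the table above (an added example, not code from the issue or the lempstack repository): it parses a raw response head and reports headers that are missing, duplicated or changed relative to that baseline. The function names and the sample response are assumptions made for illustration.

```python
# Added example: BASELINE is copied from the table above; SAMPLE is constructed.
BASELINE = {
    "Content-Security-Policy": "default-src 'https:'",
    "Referrer-Policy": "same-origin",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
    "X-Xss-Protection": "1; mode=block",
    "Strict-Transport-Security": "max-age=63072000; includeSubdomains; preload",
}

def parse_headers(raw):
    """Parse a raw HTTP response head into {lowercased name: [values]}."""
    headers = {}
    for line in raw.replace("\r\n", "\n").split("\n")[1:]:  # [1:] skips the status line
        if not line.strip():
            break  # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def normalise(value):
    """Compare values ignoring case, spacing and the order of ';'-separated parts."""
    return sorted(" ".join(p.split()).lower() for p in value.split(";") if p.strip())

def audit(raw):
    """Return (header, problem) pairs; an empty list means the baseline still holds."""
    seen, findings = parse_headers(raw), []
    for name, expected in BASELINE.items():
        values = seen.get(name.lower(), [])
        if not values:
            findings.append((name, "missing"))
        elif len(values) > 1:  # repeated header: which value applies is ambiguous
            findings.append((name, "sent %d times" % len(values)))
        elif normalise(values[0]) != normalise(expected):
            findings.append((name, "changed: " + values[0]))
    return findings

SAMPLE = (  # constructed response head with three deviations from the baseline
    "HTTP/1.1 200 OK\r\n"
    "content-security-policy: default-src 'https:'\r\n"
    "Referrer-Policy: same-origin\r\nX-Content-Type-Options: nosniff\r\n"
    "X-Frame-Options: DENY\r\nX-Frame-Options: SAMEORIGIN\r\n"
    "Strict-Transport-Security: max-age=31536000\r\n\r\n"
)

if __name__ == "__main__":
    for header, problem in audit(SAMPLE):
        print(f"{header}: {problem}")
```

Feeding it the response head of each virtual host after a configuration change shows which header caused a rating to drop.
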
mdPlusPlus commented 1 year ago

Current rating A:
