
Configure HTTP Headers #2021

Merged 1 commit into main from jonaharagon/http-headers, Feb 24, 2023

Conversation

jonaharagon
Member

@jonaharagon jonaharagon commented Feb 24, 2023

X-Frame-Options = "DENY"
X-XSS-Protection = "0"
X-Content-Type-Options = "nosniff"
Strict-Transport-Security = "max-age=63072000; includeSubDomains; preload"
Content-Security-Policy = "default-src 'none'; script-src https://www.privacyguides.org https://api.privacyguides.net 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src data: 'self'; connect-src https://api.github.com https://api.privacyguides.net 'self'"

@netlify

netlify bot commented Feb 24, 2023

Deploy Preview for privacyguides ready!

Latest commit: 561f6a7
Latest deploy log: https://app.netlify.com/sites/privacyguides/deploys/63f8efe6f492870007ccc76e
Deploy Preview: https://deploy-preview-2021--privacyguides.netlify.app

jonaharagon added a commit that referenced this pull request Feb 24, 2023
@jonaharagon jonaharagon merged commit 561f6a7 into main Feb 24, 2023
@jonaharagon jonaharagon deleted the jonaharagon/http-headers branch February 24, 2023 17:13
@jonaharagon
Member Author

Jury's out on whether X-XSS-Protection should be set to 0 (disable browser XSS protection) or 1; mode=block (enable and block the entire page load if XSS is detected). Hardenize prefers the former and Mozilla Observatory prefers the latter. Modern consensus (github/secure_headers#439) seems to agree that Mozilla is wrong and Hardenize is correct in this case, so I went with 0. I think this only affects Safari(?) anyways nowadays, so not a big deal outside of losing 10 points on our Mozilla Observatory score.
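As an added example (not code from this PR or from the Privacy Guides project), the following Python script audits a constructed set of response headers carrying the exact values from the PR description above, the way a header scanner such as the ones mentioned in the comment would. It accepts either X-XSS-Protection setting discussed above (0 or 1; mode=block) and flags anything else, parses Strict-Transport-Security to check max-age and includeSubDomains, and splits the Content-Security-Policy into directives so it can report default-src and any 'unsafe-inline' allowance in script-src. The function names, the one-year max-age threshold and the sample header dictionary are my own assumptions, not values the project defines.

```python
"""Audit HTTP response headers against the policy set in this PR.

Added example, not project code. The header values below are constructed
from the PR description; the checks and thresholds are this example's own.
"""
from typing import Dict, List, Optional

# Constructed sample: the header values this PR configures.
SAMPLE_HEADERS: Dict[str, str] = {
    "X-Frame-Options": "DENY",
    "X-XSS-Protection": "0",
    "X-Content-Type-Options": "nosniff",
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
    "Content-Security-Policy": (
        "default-src 'none'; script-src https://www.privacyguides.org "
        "https://api.privacyguides.net 'self' 'unsafe-inline'; "
        "style-src 'self' 'unsafe-inline'; font-src 'self'; img-src data: 'self'; "
        "connect-src https://api.github.com https://api.privacyguides.net 'self'"
    ),
}

ONE_YEAR = 31536000  # assumed minimum HSTS max-age, in seconds


def parse_csp(value: str) -> Dict[str, List[str]]:
    """Split a CSP header into {directive: [source expression, ...]}."""
    policy: Dict[str, List[str]] = {}
    for directive in value.split(";"):
        tokens = directive.split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def parse_hsts(value: str) -> Dict[str, object]:
    """Extract max-age (int or None), includeSubDomains and preload flags."""
    result: Dict[str, object] = {"max_age": None, "include_subdomains": False, "preload": False}
    for token in value.split(";"):
        token = token.strip().lower()
        if token.startswith("max-age="):
            try:
                result["max_age"] = int(token.split("=", 1)[1].strip().strip('"'))
            except ValueError:
                pass  # leave max_age as None; reported as a finding below
        elif token == "includesubdomains":
            result["include_subdomains"] = True
        elif token == "preload":
            result["preload"] = True
    return result


def audit_headers(headers: Dict[str, str]) -> List[str]:
    """Return one human-readable finding per deviation from the expected policy."""
    findings: List[str] = []
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive

    if h.get("x-frame-options", "").strip().upper() not in ("DENY", "SAMEORIGIN"):
        findings.append("X-Frame-Options: missing or not DENY/SAMEORIGIN")
    if h.get("x-content-type-options", "").strip().lower() != "nosniff":
        findings.append("X-Content-Type-Options: missing or not nosniff")

    # Either value discussed in the PR thread is accepted; a bare "1" (the
    # legacy auditor in filter mode) is the setting both scanners reject.
    xxp: Optional[str] = h.get("x-xss-protection")
    if xxp is not None and xxp.replace(" ", "").lower() not in ("0", "1;mode=block"):
        findings.append("X-XSS-Protection: set, but neither 0 nor 1; mode=block")

    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("Strict-Transport-Security: missing")
    else:
        parsed = parse_hsts(hsts)
        if parsed["max_age"] is None or parsed["max_age"] < ONE_YEAR:
            findings.append("Strict-Transport-Security: max-age below one year")
        if not parsed["include_subdomains"]:
            findings.append("Strict-Transport-Security: includeSubDomains not set")

    csp = h.get("content-security-policy")
    if csp is None:
        findings.append("Content-Security-Policy: missing")
    else:
        policy = parse_csp(csp)
        if policy.get("default-src") != ["'none'"]:
            findings.append("Content-Security-Policy: default-src is not 'none'")
        for directive in ("default-src", "script-src"):
            if "'unsafe-inline'" in policy.get(directive, []):
                findings.append(f"Content-Security-Policy: {directive} allows 'unsafe-inline'")
    return findings


if __name__ == "__main__":
    for finding in audit_headers(SAMPLE_HEADERS) or ["no findings"]:
        print(finding)
```

Run against the PR's own values the audit reports a single finding, the 'unsafe-inline' allowance in script-src, which is the part of this policy a scanner would still score down; every other header passes. The CSP parser keeps source expressions as written so that a caller can add further directive checks without re-tokenising.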

@privacyguides-bot
Collaborator

This pull request has been mentioned on Privacy Guides. There might be relevant details there:

https://discuss.privacyguides.net/t/v3-0-translations/11920/1
