
Author Topic: Security Headers (Check)  (Read 5975 times)

Offline evaki

Security Headers (Check)
« on: September 22, 2018, 01:05:48 PM »
Security Headers

Template (Customize your options):
<?php
// header() must be called before any output is sent to the browser.
// HSTS: max-age=2592000 seconds = 30 days.
header('Strict-Transport-Security: max-age=2592000; includeSubDomains');
header("Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'");
// Legacy vendor-prefixed CSP headers, read only by old browser versions.
header("X-Content-Security-Policy: default-src 'self'; script-src 'self'");
header("X-WebKit-CSP: default-src 'self'; script-src 'self'");
header('X-XSS-Protection: 1; mode=block');
header('X-Content-Type-Options: nosniff');
header('X-Frame-Options: DENY');
header('Referrer-Policy: no-referrer');
// Replace https://domain.tld with your own origin.
header("Feature-Policy: vibrate 'self'; sync-xhr 'self' https://domain.tld");
?>
 
Check Security Headers:
https://securityheaders.com/
Regards, Evaki
« Last Edit: September 22, 2018, 01:10:57 PM by evaki »

Offline dbs

Re: Security Headers (Check)
« Reply #1 on: September 22, 2018, 01:44:55 PM »
Nice list. I had that in the .htaccess.
Afterwards you should test your site thoroughly to see whether everything still works as before.
https://onkel-franky.de

Offline evaki

Re: Security Headers (Check)
« Reply #2 on: September 22, 2018, 02:02:40 PM »
You should know the resources you need and where they come from; above all, you also have to read the various docs (that takes a while...), otherwise things really can go wrong.  :cry:
Anyone who has internalized the GDPR knows where everything comes from, or maybe not...  :evil:

Unfortunately, the .htaccess approach does not work with every hoster. It also seems to me that it may produce conflicts, CSP in particular, because the backend (BE) is then affected as well. I have not checked that, though.
Regards, Evaki

Perhaps of interest: "HSTS Redirects; WWW to non-WWW and HTTP to HTTPS"
« Last Edit: September 22, 2018, 02:17:01 PM by evaki »
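
One way to handle the backend conflict raised in reply #2, as an added example that is not part of any post in this thread and is not WebsiteBaker code: the frontend gets the enforcing CSP from the template, while backend pages get the same policy in report-only mode so breakage can be observed before it is enforced. The function names, the `/admin/` backend prefix and the HTTPS detection via `$_SERVER['HTTPS']` (no reverse proxy in front) are assumptions.

```php
<?php
declare(strict_types=1);

// Build the header set for one request.
// $backendPrefix is an assumed path; adjust it to your installation.
function build_security_headers(string $path, bool $isHttps, string $backendPrefix = '/admin/'): array
{
    $headers = [
        'X-Content-Type-Options' => 'nosniff',
        'X-Frame-Options'        => 'DENY',
        'Referrer-Policy'        => 'no-referrer',
    ];

    // Browsers ignore HSTS received over plain HTTP, so emit it on HTTPS only.
    if ($isHttps) {
        $headers['Strict-Transport-Security'] = 'max-age=2592000; includeSubDomains';
    }

    $policy    = "default-src 'self'; script-src 'self'; object-src 'none'";
    $isBackend = strncmp($path, $backendPrefix, strlen($backendPrefix)) === 0;

    // Backend: report-only, violations show up in the browser console
    // but nothing is blocked. Frontend: the policy is enforced.
    $name = $isBackend ? 'Content-Security-Policy-Report-Only' : 'Content-Security-Policy';
    $headers[$name] = $policy;

    return $headers;
}

// Send the headers, or log where output already started if it is too late.
function send_security_headers(array $headers): bool
{
    if (headers_sent($file, $line)) {
        error_log("Security headers not sent: output started at $file:$line");
        return false;
    }
    foreach ($headers as $name => $value) {
        header("$name: $value");
    }
    return true;
}

// Call this before any template output.
$path  = parse_url($_SERVER['REQUEST_URI'] ?? '/', PHP_URL_PATH) ?: '/';
$https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
send_security_headers(build_security_headers($path, $https));
```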

Offline evaki

Re: Security Headers (Check)
« Reply #3 on: October 20, 2018, 04:49:22 PM »
A little more on TLS session tracking and, for example, HSTS.
Heise: Researchers warn of tracking via TLS
Uni Hamburg: Tracking Users across the Web via TLS Session Resumption
Website User Tracking-Prasil-Adam-thesis: F8-DP-2016-Prasil-Adam-thesis

Regards, Evaki



