
Author Topic: Security Headers (Check)  (Read 4556 times)

evaki
Security Headers (Check)
« on: September 22, 2018, 01:05:48 PM »
Security Headers

Template (Customize your options):
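<?php
// Must be sent before any output is written to the response.
// HSTS: 2592000 seconds = 30 days, subdomains included.
header('Strict-Transport-Security: max-age=2592000; includeSubdomains');
// CSP: same-origin resources only; plugin content (object/embed) is blocked.
header("Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'");
// Prefixed CSP variants for old browser versions.
header("X-Content-Security-Policy: default-src 'self'; script-src 'self'");
header("X-WebKit-CSP: default-src 'self'; script-src 'self'");
header('X-XSS-Protection: 1; mode=block');
// Disable MIME-type sniffing.
header('X-Content-Type-Options: nosniff');
// Forbid framing of the site.
header('X-Frame-Options: DENY');
// Send no Referer header with outgoing requests.
header("Referrer-Policy: no-referrer");
// Restrict browser features; replace https://domain.tld with your own origin.
header("Feature-Policy: vibrate 'self'; sync-xhr 'self' https://domain.tld");
?>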
 
Check Security Headers:
Code: [Select]
https://securityheaders.com/
Regards, Evaki
« Last Edit: September 22, 2018, 01:10:57 PM by evaki »
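
A local counterpart to the online check linked in the post above, added here as an example (not code from the thread or from WebsiteBaker): it audits a raw response head for the template's headers, flags the legacy ones, and inspects the HSTS and CSP values. The sample response, the function names and the one-year HSTS threshold are assumptions made for this example.

```python
import re
# SAMPLE is a constructed response head for illustration, not captured from a real site.
SAMPLE = """HTTP/1.1 200 OK
Strict-Transport-Security: max-age=2592000; includeSubdomains
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self'
X-Content-Type-Options: nosniff
Feature-Policy: vibrate 'self'
"""
REQUIRED = ["strict-transport-security", "content-security-policy",
            "x-content-type-options", "x-frame-options", "referrer-policy"]
LEGACY = {"x-content-security-policy": "obsolete prefixed CSP header",
          "x-webkit-csp": "obsolete prefixed CSP header",
          "x-xss-protection": "deprecated browser XSS filter",
          "feature-policy": "renamed to Permissions-Policy"}
MIN_HSTS = 31536000  # one year; threshold assumed for this example

def parse_headers(raw):
    """Map lowercased header names to values; the status line is skipped."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:
        if not line.strip():
            break  # a blank line ends the header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers

def hsts_max_age(value):
    """Return max-age in seconds, or None if absent or malformed."""
    m = re.search(r'(?:^|;)\s*max-age\s*=\s*"?(\d+)"?\s*(?:;|$)', value, re.I)
    return int(m.group(1)) if m else None

def csp_sources(value, directive):
    """Sources of a fetch directive, falling back to default-src as browsers do."""
    parsed = {p.split()[0].lower(): p.split()[1:] for p in value.split(";") if p.split()}
    return parsed.get(directive, parsed.get("default-src", []))

def audit(raw):
    h = parse_headers(raw)
    out = [f"missing: {n}" for n in REQUIRED if n not in h]
    out += [f"legacy: {n} ({why})" for n, why in LEGACY.items() if n in h]
    age = hsts_max_age(h.get("strict-transport-security", ""))
    if "strict-transport-security" in h and (age is None or age < MIN_HSTS):
        out.append(f"short: HSTS max-age={age}")
    risky = {"'unsafe-inline'", "'unsafe-eval'", "*"}
    hits = risky & set(csp_sources(h.get("content-security-policy", ""), "script-src"))
    out += [f"weak: CSP script-src allows {s}" for s in sorted(hits)]
    return out

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

To audit a real site, save its response head to a file (for example from the browser's developer tools) and pass the text to `audit()`.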

dbs
Re: Security Headers (Check)
« Reply #1 on: September 22, 2018, 01:44:55 PM »
Nice list. I had that in the .htaccess.
Afterwards you should test your site thoroughly to check whether everything still works as before.
https://onkel-franky.de

evaki
Re: Security Headers (Check)
« Reply #2 on: September 22, 2018, 02:02:40 PM »
You should know the resources you need and where they come from; in particular you also have to read the various docs (that takes a while...), otherwise things really can go wrong.  :cry:
Anyone who has internalized the GDPR knows what comes from where, or maybe not...  :evil:

Unfortunately, the .htaccess approach does not work with every hoster. It also seems to me that it may produce conflicts, especially with CSP, because the backend (BE) is then affected as well. I have not checked that, though.
Regards, Evaki

Perhaps of interest: "HSTS Redirects; WWW to non-WWW and HTTP to HTTPS"
« Last Edit: September 22, 2018, 02:17:01 PM by evaki »

evaki
Re: Security Headers (Check)
« Reply #3 on: October 20, 2018, 04:49:22 PM »
A bit more on TLS session tracking and, for example, HSTS.
Heise: "Forscher warnen vor Tracking via TLS" (Researchers warn of tracking via TLS)
Uni Hamburg: Tracking Users across the Web via TLS Session Resumption
Website User Tracking-Prasil-Adam-thesis: F8-DP-2016-Prasil-Adam-thesis

Regards, Evaki



