Security headers for web apps

Erulezz

I would like to suggest enabling the following headers by default for web apps (Roundcube etc.):

Code:
X-XSS-Protection "1; mode=block"
X-Frame-Options SAMEORIGIN
X-Content-Type-Options: "nosniff"
Referrer-Policy to none

For example in nginx webapps_settings.conf.

The referrer policy... for obvious reasons :)
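A check that goes with the suggestion above, as an added example that is not part of the original post or of any shipped configuration: nginx inherits `add_header` from the enclosing level only when the current block declares none of its own, so a web-app `location` that adds a single header silently drops all four. The sample config, the `/downloads` location and the `no-referrer` value are constructed assumptions.

```python
import re

# The four headers proposed in the post, lower-cased for comparison.
REQUIRED = {"x-xss-protection", "x-frame-options",
            "x-content-type-options", "referrer-policy"}
# Quoted strings first, so the ';' in "1; mode=block" is not a terminator.
TOKEN = re.compile(r'"[^"]*"|\'[^\']*\'|#[^\n]*|[{};]|[^\s{};"\'#]+')
# Constructed sample include file (not a real shipped configuration).
SAMPLE = '''
add_header X-XSS-Protection "1; mode=block";
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options "nosniff";
add_header Referrer-Policy "no-referrer";
location /roundcube { index index.php; }                      # inherits all four
location /downloads { add_header Cache-Control "no-store"; }  # replaces them
'''

def parse(conf):
    """Build a tree of blocks with the add_header names each one declares."""
    root = {"name": "file", "own": set(), "children": []}
    stack, stmt = [root], []
    for tok in TOKEN.findall(conf):
        if tok == ";":
            if len(stmt) >= 2 and stmt[0] == "add_header":
                stack[-1]["own"].add(stmt[1].strip("\"'").lower())
            stmt = []
        elif tok == "{":
            block = {"name": " ".join(stmt), "own": set(), "children": []}
            stack[-1]["children"].append(block)
            stack.append(block)
            stmt = []
        elif tok == "}":
            stack.pop()
        elif not tok.startswith("#"):       # skip comments
            stmt.append(tok)
    return root

def missing_headers(conf):
    """Map each block path to the required headers it will not send."""
    report = {}
    def walk(block, inherited, path):
        # nginx rule: a level with its own add_header inherits none from above.
        effective = block["own"] or inherited
        if REQUIRED - effective:
            report[path] = sorted(REQUIRED - effective)
        for child in block["children"]:
            walk(child, effective, f"{path} > {child['name']}")
    walk(parse(conf), set(), "file")
    return report
```

Calling `missing_headers(SAMPLE)` flags only the `/downloads` block; repeating the four `add_header` lines inside that block clears the report.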
 