On this page can set the Content Security Policy (CSP) and various other security HTTP headers.
External link
https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
The CSP header comes with default policy
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-eval'
not visible in the GUI. The Domains Allowed field extend the policy with external source domain directives.
The Other Headers section allows adding miscellaneous headers, in form of
Header-Name:header value #1;header value #2;It comes prefilled with:
- STS External link: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
- Referrer-Policy External link: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
- X-Content-Type External link: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
- XSS policy headers External link: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
Can add up to 20 additional headers in this section. This may be extended in future releases.
Add new attachment
Only authorized users are allowed to upload new attachments.
List of attachments
Kind | Attachment Name | Size | Version | Date Modified | Author | Change note |
---|---|---|---|---|---|---|
jpg |
webinterfacecsp.jpg | 109.0 kB | 1 | 28-May-2021 10:56 | Ada Csaba | |
jpg |
webinterfacecsp_2.jpg | 339.0 kB | 1 | 05-May-2022 10:15 | Ada Csaba |
«
This particular version was published on 28-May-2021 11:30 by Ada Csaba.
G’day (anonymous guest)
Log in
JSPWiki