|
|
|
@ -59,7 +59,7 @@ setenv.add-response-header = (
|
|
|
|
|
# https://raymii.org/s/articles/HTTP_Public_Key_Pinning_Extension_HPKP.html |
|
|
|
|
"Public-Key-Pins" => "pin-sha256=\"JYR9Zo608E/dQLErawdAxWfafQJDCOtsLJb+QdneIY0=\"; max-age=63072000; includeSubDomains", |
|
|
|
|
# https://report-uri.com/home/generate |
|
|
|
|
"Content-Security-Policy" => "default-src 'self' discordapp.com widget.battleforthenet.com; script-src 'self' 'unsafe-inline' discordapp.com widget.battleforthenet.com; style-src 'self' 'unsafe-inline' discordapp.com widget.battleforthenet.com; img-src 'self' discordapp.com widget.battleforthenet.com; font-src * discordapp.com widget.battleforthenet.com; connect-src 'self' ; media-src 'self' ; child-src 'self' ; form-action 'self' ; upgrade-insecure-requests; block-all-mixed-content; reflected-xss block;", |
|
|
|
|
"Content-Security-Policy" => "default-src 'self' discordapp.com widget.battleforthenet.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' discordapp.com widget.battleforthenet.com; style-src 'self' 'unsafe-inline' discordapp.com widget.battleforthenet.com; img-src *; font-src 'self' discordapp.com widget.battleforthenet.com; connect-src 'self' ; media-src 'self' ; child-src 'self' ; form-action 'self' ; upgrade-insecure-requests; block-all-mixed-content; reflected-xss block;", |
|
|
|
|
# https://www.keycdn.com/blog/x-xss-protection/ |
|
|
|
|
"X-XSS-Protection" => "1; mode=block", |
|
|
|
|
) |
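Review bot: The Content-Security-Policy line that appears to be the new side (the second one, with `data:` and `'unsafe-eval'` in script-src and `img-src *`) removes most of the XSS protection the header was providing; `data:` in script-src lets an injected `<script src="data:...">` execute, and `'unsafe-eval'` re-enables eval/Function, so the policy no longer blocks the attacks CSP is meant to stop. Since the +/- markers are not visible here the side is inferred from print order; if that inference is right, the script-src should stay `script-src 'self' 'unsafe-inline' discordapp.com widget.battleforthenet.com;` and any inline or eval-dependent code should be moved toward nonces or hashes rather than widening the source list. `reflected-xss block;` is a directive that was dropped from the CSP spec and is ignored by browsers, so it can be removed from both versions without changing behavior. The unchanged Public-Key-Pins context line carries a single pin with no backup pin, which RFC 7469 requires and which browsers reject as invalid, and HPKP itself is deprecated, so the header is at best a no-op and at worst a self-lockout risk. The `setenv.add-response-header = (` list this hunk belongs to begins outside the hunk.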
|
|
|
|