securityheaders for docs.securityheaders.nl:
# --- TLS transport settings (mod_ssl) ---
# Enable TLS for this server / virtual host.
SSLEngine on
# Disable every protocol version, then re-enable only TLS 1.2 and TLS 1.3.
SSLProtocol -all +TLSv1.2 +TLSv1.3
# Without a protocol prefix this list applies to TLS 1.2 and below only;
# TLS 1.3 suites are configured separately ("SSLCipherSuite TLSv1.3 ...") and
# are left at the library default here.
# Both suites are ECDHE-RSA, so they need an RSA certificate.
# NOTE(review): the certificate is not visible in this snippet; with an
# ECDSA-only certificate no TLS 1.2 suite would be usable. Confirm.
SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305
# Prefer the server's cipher order over the client's.
SSLHonorCipherOrder on
# No TLS-level compression (CRIME mitigation).
SSLCompression off
# StrictRequire only has an effect together with SSLRequire / SSLRequireSSL;
# neither appears in this snippet.
SSLOptions +StrictRequire
# NOTE(review): only h2 is listed. The form shown in the Apache documentation
# is "Protocols h2 http/1.1"; confirm how clients without HTTP/2 support are
# expected to be served.
Protocols h2
# Restrict ECDHE key exchange to P-384 / P-521. Common groups such as X25519
# and P-256 are not in the list, so clients limited to those cannot connect.
SSLOpenSSLConfCmd ECDHParameters secp384r1
SSLOpenSSLConfCmd Curves secp521r1:secp384r1
# Disable RFC 5077 session tickets.
SSLSessionTickets Off
# OCSP stapling tuning: wait at most 5 s for the responder and do not pass
# responder errors on to clients.
# NOTE(review): these only take effect when "SSLUseStapling on" and an
# SSLStaplingCache are configured; neither is visible here, so check the
# enclosing or global configuration.
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
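# --- HTTP response headers (mod_headers) ---
# "always" also attaches each header to error and redirect responses.

# HSTS for one year.
# NOTE(review): "preload" is present but "includeSubDomains" is not. The
# preload list's submission requirements include includeSubDomains, and
# preloading is done per registrable domain rather than per host, so the token
# has no practical effect as written. Add includeSubDomains only after
# confirming that every subdomain is served over HTTPS.
Header always set Strict-Transport-Security 'max-age=31536000; preload'
# Clickjacking protection; the CSP "frame-ancestors" directive is the modern
# equivalent and could be added to the policy at the end of this section.
Header always set X-Frame-Options SAMEORIGIN
# Disable MIME type sniffing.
Header always set X-Content-Type-Options nosniff
# Changed from '1; mode=block'. The legacy XSS auditor has been removed from
# current browsers, and in the old browsers that still honour the header it
# could itself be abused, so current guidance is to send 0 (or omit it) and
# rely on a Content-Security-Policy instead.
Header always set X-Xss-Protection '0'
# Never send a Referer header to other requests made from these pages.
Header always set Referrer-Policy 'no-referrer'
# Adobe cross-domain policy files: only the master policy file is honoured.
# 'none' is stricter if no crossdomain.xml is served at all.
Header always set X-Permitted-Cross-Domain-Policies 'master-only'
# Legacy Internet Explorer: do not open downloads in the site's context.
Header always set X-Download-Options 'noopen'
# Vanity value replacing a technology banner. Removing the header outright
# (Header unset / Header always unset) is the usual hardening choice.
Header always set X-Powered-By ComputerBas
# NOTE(review): Expect-Staple was a proposed header; confirm whether any
# client in scope acts on it before relying on it.
Header always set Expect-Staple 'max-age=31536000; preload'
# CORS: the allowed origin is this site's own origin, and same-origin requests
# do not need CORS at all. Combined with Allow-Credentials below this is only
# safe while the origin stays a fixed, trusted value; it must never be
# replaced by a reflected request Origin or by "*".
Header always set Access-Control-Allow-Origin https://docs.securityheaders.nl
# Forced onto every response regardless of what the handler supports.
Header always set Accept-Ranges bytes
# Advertisement only: this header does not restrict request methods.
# Enforcement needs <LimitExcept GET POST> or "Require method GET POST".
Header always set Allow "GET, POST"
Header always set X-DNS-Prefetch-Control on
Header always set X-Robots-Tag all
# NOTE(review): Trailer announces trailer fields and Max-Forwards is a request
# header, so this combination looks like filler; confirm it is intended.
Header always set Trailer Max-Forwards
# Tracking Status header from the Do Not Track specification.
Header always set Tk ?
# Legacy Internet Explorer / Chrome Frame rendering hint.
Header always set X-UA-Compatible IE=edge,chrome=1
# Vanity value, see X-Powered-By above.
Header always set X-AspNet-Version ComputerBas
Header always set Access-Control-Allow-Credentials true
Header always set Access-Control-Allow-Methods "POST, GET"
Header always set Access-Control-Allow-Headers "origin"
# Access-Control-Request-Method and Access-Control-Request-Headers were removed
# here: they are request headers sent by the browser in a CORS preflight and
# have no meaning on a response.
Header always set Access-Control-Max-Age 3600
Header always set Access-Control-Expose-Headers: Content-Length
# The next three headers carry the most permissive value of each policy.
# "unsafe-none" is already the browser default for COEP and COOP, and CORP
# "cross-origin" lets any site embed these resources. Tighten them to
# same-origin / require-corp if the content does not need to be embedded
# elsewhere.
Header always set cross-origin-embedder-policy "unsafe-none"
Header always set cross-origin-opener-policy "unsafe-none"
Header always set cross-origin-resource-policy "cross-origin"
# Deny the listed browser features to this page and to embedded frames.
Header always set Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), midi=(),fullscreen=()"
# A fixed cookie attached to every response, static files and error pages
# included. The attributes are sound (__Secure- prefix with Secure, HttpOnly,
# SameSite=Strict).
# NOTE(review): "set" replaces rather than appends; confirm no application or
# backend behind this host needs to issue its own Set-Cookie.
Header always set Set-Cookie: __Secure-ID=checktls;Max-Age=2592000;Path=/;Secure;HttpOnly;SameSite=Strict
# This policy only upgrades http:// subresources to https://. It places no
# restriction on script, style or frame sources, so it gives no XSS or
# injection protection; add default-src / script-src / frame-ancestors
# directives for that.
Header always set Content-Security-Policy "upgrade-insecure-requests;"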
# --- Caching and compression ---
# mod_expires: mark every response as cacheable for one week from the time of
# access.
# NOTE(review): line 43 of this configuration attaches Set-Cookie to every
# response, so cached responses carry that cookie too. The value is a fixed
# string here; revisit this default if the cookie ever becomes per-user.
ExpiresActive On
ExpiresDefault "access plus 1 week"
# Tell mod_deflate not to compress responses.
# NOTE(review): presumably a BREACH-style compression side-channel mitigation;
# confirm the intent, since it costs bandwidth on every response.
SetEnv no-gzip 1