Description
We can make more secure headers for Seditio.

- Strict-Transport-Security
- Content-Security-Policy
- X-Frame-Options
- X-Content-Type-Options
- Referrer-Policy
- Permissions-Policy

https://securityheaders.com/?q=https%3A%2F%2Fseditio.org%2F

And HTTP Observatory Report: https://developer.mozilla.org/en-US/observatory/analyze?host=seditio.org

Clean results: https://securityheaders.com/?q=https%3A%2F%2Fcarbrands.com.tr%2F
Code:

```php
// Content-Security-Policy: send ONE header. PHP's header() replaces an earlier
// header of the same name by default, so separate header("Content-Security-Policy: ...")
// calls would deliver only the last directive (and a browser that did receive
// several CSP headers would enforce all of them, so "default-src 'self'" alone
// would block the CDN scripts anyway). Note: 'unsafe-inline' and 'unsafe-eval'
// in script-src weaken the XSS protection CSP is meant to give.
$csp = implode("; ", [
    "default-src 'self'",
    "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://www.youtube.com https://stackpath.bootstrapcdn.com https://cdn.datatables.net",
    "style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://cdn.datatables.net",
    "font-src 'self' https://fonts.gstatic.com",
    "img-src 'self' data: https://i.ytimg.com",
    "frame-src https://www.youtube.com",
    "connect-src 'self' https://your-ajax-endpoint.com", // replace with the real AJAX endpoint
    "object-src 'none'",
    "base-uri 'self'",
    "form-action 'self'",
    "frame-ancestors 'self'",
]);
header("Content-Security-Policy: " . $csp);

// X-Frame-Options (clickjacking protection)
header("X-Frame-Options: SAMEORIGIN");

// Strict-Transport-Security (HSTS - enforces HTTPS); only meaningful over HTTPS
if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') {
    header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload");
}

// X-Content-Type-Options (security: blocks MIME type sniffing)
header("X-Content-Type-Options: nosniff");

// Referrer-Policy (security: controls how referrer information is sent)
header("Referrer-Policy: no-referrer-when-downgrade");

// Permissions-Policy (security: allows or blocks browser features and resources)
header("Permissions-Policy: geolocation=(self), microphone=(), camera=(), fullscreen=(self)");
```
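As an added example (not part of this issue or of Seditio), here is a small offline checker in the spirit of securityheaders.com: it parses a response's headers, confirms the six headers above are present, and flags the weak spots in the proposed values (the `'unsafe-inline'`/`'unsafe-eval'` script sources and the `no-referrer-when-downgrade` policy). The `SAMPLE_HEADERS` dict is constructed from the header set above.

```python
import re
from typing import Dict, List

REQUIRED = ("Strict-Transport-Security", "Content-Security-Policy", "X-Frame-Options",
            "X-Content-Type-Options", "Referrer-Policy", "Permissions-Policy")
# Policies that still send the full URL to cross-origin HTTPS destinations.
WEAK_REFERRER = {"unsafe-url", "no-referrer-when-downgrade"}

# Constructed sample: the headers proposed above, with the CSP merged into one value.
SAMPLE_HEADERS = {
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline' "
        "'unsafe-eval' https://code.jquery.com https://cdn.jsdelivr.net; style-src 'self' "
        "'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https://i.ytimg.com; "
        "object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'",
    "X-Frame-Options": "SAMEORIGIN",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "no-referrer-when-downgrade",
    "Permissions-Policy": "geolocation=(self), microphone=(), camera=(), fullscreen=(self)",
}

def parse_csp(value: str) -> Dict[str, List[str]]:
    """Turn "a b c; d e" into {"a": ["b", "c"], "d": ["e"]} (names lower-cased)."""
    policy: Dict[str, List[str]] = {}
    for directive in value.split(";"):
        parts = directive.split()
        if parts:
            policy[parts[0].lower()] = [src.lower() for src in parts[1:]]
    return policy

def audit_headers(headers: Dict[str, str]) -> List[str]:
    """Return a list of findings; an empty list means every check passed."""
    hdrs = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    findings = [f"missing {name}" for name in REQUIRED if name.lower() not in hdrs]
    csp = parse_csp(hdrs.get("content-security-policy", ""))
    if csp:
        scripts = csp.get("script-src", csp.get("default-src", []))  # script-src falls back
        findings += [f"CSP script-src allows {w}" for w in ("'unsafe-inline'", "'unsafe-eval'")
                     if w in scripts]
        if "object-src" not in csp and "default-src" not in csp:
            findings.append("CSP lacks object-src (and no default-src fallback)")
        # base-uri and frame-ancestors never fall back to default-src.
        findings += [f"CSP lacks {d}" for d in ("base-uri", "frame-ancestors") if d not in csp]
    hsts = hdrs.get("strict-transport-security", "")
    age = re.search(r"max-age=(\d+)", hsts)
    if hsts and (age is None or int(age.group(1)) < 31536000):
        findings.append("HSTS max-age below one year")
    if hdrs.get("x-content-type-options", "nosniff").lower() != "nosniff":
        findings.append("X-Content-Type-Options is not nosniff")
    if hdrs.get("referrer-policy", "").lower() in WEAK_REFERRER:
        findings.append(f"Referrer-Policy {hdrs['referrer-policy']} sends the full URL cross-origin")
    return findings
```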