A while ago I wrote a post on HTTP Security Headers and part of that invloved setting up a content security policy (CSP) and in that I say
I've done a SHA-256 hash of the script
and I just left it at that, simple right? Only now a it's little …
This week I decided to play around with securityheaders.io and see if I could get an A+ rating.
I already had Public Key Pinning and Strict Transport Security so those two were easy.
Then I added Xss-Protection, but I wasn't sure what exactly it did. After a bit of …
Content on this site is licensed under a Creative Commons Attribution 4.0 International License.
Built using Pelican.
Based on a theme by Giulio Fidente on github.