追加ヘッダーの設定

追加ヘッダー .htaccessに

# Security Headers

Header always set Strict-Transport-Security: “max-age=31536000” env=HTTPS
Header always set Content-Security-Policy: “upgrade-insecure-requests”
Header always set X-Content-Type-Options: “nosniff”
Header always set X-XSS-Protection: “1; mode=block”
Header always set Expect-CT: “max-age=7776000, enforce”
Header always set Referrer-Policy: “no-referrer-when-downgrade”
Header always append X-Frame-Options: SAMEORIGIN
Header always set Permissions-Policy: “geolocation=(), midi=(),notifications=(),push=(),sync-xhr=(),accelerometer=(), gyroscope=(), magnetometer=(), payment=(), camera=(), microphone=(),usb=(), xr=(),speaker=(self),vibrate=(),fullscreen=(self)”

# End Security Headers

HOME