This list contains some extra (security) headers for sites/servers you deploy using Laravel Forge.

Note: this post will be updated in the future.

add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
add_header Referrer-Policy "no-referrer-when-downgrade";
add_header Content-Security-Policy "frame-ancestors 'self'";

Want to check how your site scores with security headers? Take a look at https://securityheaders.com/
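An offline counterpart to that scan, as an added example that is not part of the original post: it audits a response header block (as printed by `curl -sI`) against the three `add_header` values above. The function names and both sample responses are constructed for illustration; the 404 sample shows what nginx sends for error responses when `add_header` lacks the `always` parameter, since without it the header is only added for a fixed set of success and redirect status codes.

```python
import re

def parse_headers(raw):
    """Parse a raw header block (as printed by `curl -sI`) into
    {lowercase name: [values]}, keeping every value of a repeated header."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:  # first line is the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def audit(raw):
    """Return findings for the three headers listed on this page ([] = all good)."""
    h, findings = parse_headers(raw), []
    hsts = h.get("strict-transport-security")
    if not hsts:
        findings.append("Strict-Transport-Security missing")
    else:
        # Browsers process only the first HSTS header (RFC 6797, section 8.1).
        parts = [p.strip().lower() for p in hsts[0].split(";")]
        age = [re.fullmatch(r'max-age="?(\d+)"?', p) for p in parts]
        age = [int(m.group(1)) for m in age if m]
        if not age or age[0] < 31536000:
            findings.append("HSTS max-age below 31536000")
        if "includesubdomains" not in parts:
            findings.append("HSTS includeSubDomains not set")
    policy = ",".join(h.get("referrer-policy", [])).lower()
    tokens = [t.strip() for t in policy.split(",") if t.strip()]
    if not tokens:
        findings.append("Referrer-Policy missing")
    elif tokens[-1] != "no-referrer-when-downgrade":
        findings.append("Referrer-Policy is " + tokens[-1])
    # Every CSP header is enforced, so frame-ancestors in any one of them counts.
    directives = [d.split() for v in h.get("content-security-policy", [])
                  for d in v.split(";") if d.split()]
    if not any(d[0].lower() == "frame-ancestors" for d in directives):
        findings.append("CSP frame-ancestors missing")
    return findings

# Constructed sample responses (not captured from a real server).
OK_200 = """HTTP/2 200
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: no-referrer-when-downgrade
content-security-policy: frame-ancestors 'self'
"""
ERR_404 = "HTTP/2 404\ncontent-type: text/html\n"
print(audit(OK_200), audit(ERR_404))
```
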

"Frame-Ancestors" header

frame-ancestors is a directive of the Content-Security-Policy header rather than a header of its own. More information about it can be found on: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors

"Strict-Transport-Security" header

More information can be found on: https://scotthelme.co.uk/hsts-the-missing-link-in-tls/

"Referrer-Policy" header

More information can be found on: https://scotthelme.co.uk/a-new-security-header-referrer-policy/

"Feature-Policy" header

What is the "Feature-Policy" header for? That's explained on this blog: https://scotthelme.co.uk/a-new-security-header-feature-policy/

"Content-Security-Policy" header

More information can be found on: https://scotthelme.co.uk/content-security-policy-an-introduction/

Robin Dirksen
