Optimize SSL on Laravel Forge [Extra security headers for nginx]
Published 13 May 2020 17:17 (1-minute read)
This list contains some extra (security) headers for sites/servers you deploy using Laravel Forge.
Note: this post will be updated in the future.
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; add_header Referrer-Policy "no-referrer-when-downgrade"; add_header Content-Security-Policy "frame-ancestors 'self'";
Want to check how your site scores with security headers? Take a look at https://securityheaders.com/
More information about Frame Ancestors can be found on: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors
More information can be found on: https://scotthelme.co.uk/hsts-the-missing-link-in-tls/
More information can be found on: https://scotthelme.co.uk/a-new-security-header-referrer-policy/
What is the header "Feature Policy" for? That's explain on this blog: https://scotthelme.co.uk/a-new-security-header-feature-policy/
More information can be found on: https://scotthelme.co.uk/content-security-policy-an-introduction/