Optimize SSL on Laravel Forge [Extra security headers for nginx]

Published 13 May 2020 17:17 (1-minute read)

This list contains some extra (security) headers for sites/servers you deploy using Laravel Forge.

Note: this post will be updated in the future.

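# Tell browsers to use HTTPS only for one year, including all subdomains
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
# Send the referrer, except when navigating from HTTPS to HTTP
add_header Referrer-Policy "no-referrer-when-downgrade";
# Only allow pages from the site's own origin to embed it in a frame
add_header Content-Security-Policy "frame-ancestors 'self'";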

Want to check how your site scores with security headers? Take a look at https://securityheaders.com/
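For a local check of the three headers configured above, here is an added example (not part of the original post): a small Python audit of a raw response header block such as the output of `curl -sI`. The function names `parse_headers` and `audit` and both sample responses are constructed for this illustration.

```python
import re

MIN_HSTS_AGE = 31536000                       # max-age used in this post
EXPECTED_REFERRER = "no-referrer-when-downgrade"

def parse_headers(raw):
    """Parse a raw header block (such as `curl -sI` output) into
    {lowercase name: [values]}, keeping repeated headers separate."""
    headers = {}
    for line in raw.splitlines()[1:]:         # skip the status line
        if not line.strip():
            break                             # blank line ends the block
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def audit(raw):
    """Return a list of findings; an empty list means all checks passed."""
    h, findings = parse_headers(raw), []
    hsts = h.get("strict-transport-security")
    if not hsts:
        findings.append("Strict-Transport-Security missing")
    else:
        value = hsts[0].lower()               # only the first field counts
        age = re.search(r'max-age\s*=\s*"?(\d+)', value)
        if not age or int(age.group(1)) < MIN_HSTS_AGE:
            findings.append("HSTS max-age below %d" % MIN_HSTS_AGE)
        if "includesubdomains" not in value:
            findings.append("HSTS lacks includeSubDomains")

    if [v.lower() for v in h.get("referrer-policy", [])] != [EXPECTED_REFERRER]:
        findings.append("Referrer-Policy is not " + EXPECTED_REFERRER)

    # frame-ancestors may arrive in any of several CSP header fields.
    directives = [d.split() for v in h.get("content-security-policy", [])
                  for d in v.split(";") if d.strip()]
    if not any(d[0].lower() == "frame-ancestors" for d in directives):
        findings.append("CSP has no frame-ancestors directive")
    return findings

# Constructed sample responses (not captured from a real server).
GOOD = ("HTTP/1.1 200 OK\r\n"
        "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
        "Referrer-Policy: no-referrer-when-downgrade\r\n"
        "Content-Security-Policy: frame-ancestors 'self'\r\n\r\n")
BAD = ("HTTP/1.1 404 Not Found\r\n"
       "strict-transport-security: max-age=300\r\n"
       "Content-Security-Policy: default-src 'self'\r\n\r\n")
```

Run the audit against an error page (for example a 404) as well as the home page: nginx only attaches `add_header` values to error responses when the directive ends with the `always` parameter.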

"Frame-Ancestors" header

More information about Frame Ancestors can be found on: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors

"Strict-Transport-Security" header

More information can be found on: https://scotthelme.co.uk/hsts-the-missing-link-in-tls/

"Referrer-Policy" header

More information can be found on: https://scotthelme.co.uk/a-new-security-header-referrer-policy/

"Feature-Policy" header

What is the "Feature-Policy" header for? That's explained on this blog: https://scotthelme.co.uk/a-new-security-header-feature-policy/

"Content-Security-Policy" header

More information can be found on: https://scotthelme.co.uk/content-security-policy-an-introduction/

Robin Dirksen