This list contains some extra (security) headers for sites/servers you deploy using Laravel Forge.

Note: this post will be updated in the future.

add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
add_header Referrer-Policy "no-referrer-when-downgrade";
add_header Content-Security-Policy "frame-ancestors 'self'";

Want to check how your site scores with security headers? Take a look at https://securityheaders.com/
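For a local check of the same three headers, the following is an added example and not part of the original post. The function name audit, its min_age parameter and both sample header blocks are constructed for illustration; in practice, paste in the header lines your own site returns.

```python
import re
from email.parser import Parser

# Constructed sample header blocks (not captured from a real site).
GOOD = (
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "Referrer-Policy: no-referrer-when-downgrade\r\n"
    "Content-Security-Policy: default-src 'self'; frame-ancestors 'self'\r\n"
)
BAD = (
    "Strict-Transport-Security: max-age=300\r\n"
    "Content-Security-Policy: default-src 'self'\r\n"
)

def audit(raw_headers, min_age=31536000):
    """Return a list of findings; an empty list means all three headers are in place."""
    h = Parser().parsestr(raw_headers, headersonly=True)
    findings = []

    hsts = h.get("Strict-Transport-Security")
    if hsts is None:
        findings.append("Strict-Transport-Security: missing")
    else:
        # Directive names are case-insensitive and separated by ';'.
        directives = [d.strip().lower() for d in hsts.split(";")]
        age = next((int(m.group(1)) for d in directives
                    if (m := re.fullmatch(r'max-age="?(\d+)"?', d))), None)
        if age is None or age < min_age:
            findings.append(f"Strict-Transport-Security: max-age below {min_age}")
        if "includesubdomains" not in directives:
            findings.append("Strict-Transport-Security: includeSubDomains not set")

    if not (h.get("Referrer-Policy") or "").strip():
        findings.append("Referrer-Policy: missing")

    # A response may carry several CSP headers; each one is a separate policy.
    policies = h.get_all("Content-Security-Policy") or []
    has_frame_ancestors = any(
        d.split()[0].lower() == "frame-ancestors"
        for p in policies for d in p.split(";") if d.strip()
    )
    if not has_frame_ancestors:
        findings.append("Content-Security-Policy: no frame-ancestors directive")
    return findings
```
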

"Frame-Ancestors" header

More information about Frame Ancestors can be found on: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors

"Strict-Transport-Security" header

More information can be found on: https://scotthelme.co.uk/hsts-the-missing-link-in-tls/

"Referrer-Policy" header

More information can be found on: https://scotthelme.co.uk/a-new-security-header-referrer-policy/

"Feature-Policy" header

What is the "Feature-Policy" header for? That's explained on this blog: https://scotthelme.co.uk/a-new-security-header-feature-policy/

"Content-Security-Policy" header

More information can be found on: https://scotthelme.co.uk/content-security-policy-an-introduction/

Robin Dirksen

On my blog, you can find articles that I've found useful or wanted to share with anyone else.

If you want to know more about this article or just want to talk to me, don't hesitate to reach out.