azure_web_app_security_hardening

Differences

This shows you the differences between two versions of the page.

azure_web_app_security_hardening [2017/11/18 03:41] – [Remove Unnecessary Headers] stephen
azure_web_app_security_hardening [2017/11/19 05:39] (current) – external edit 127.0.0.1
Line 1: Line 1:
 ====== Azure Web App Security Hardening ====== ====== Azure Web App Security Hardening ======
 +
 +A bunch of checks can be done [[https://securityheaders.io/|here]].
  
 ===== HTTPS Only ===== ===== HTTPS Only =====
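
Review bot: The sentence added under the page title links securityheaders.io only as "here" and calls it "a bunch of checks" without saying what is checked; name the site in the link text and state that it scans a site's HTTP response headers, so readers know it verifies the customHeaders settings on this page and can re-run it after each change.
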
Line 73: Line 75:
  ...  ...
  <!-- Add these: -->  <!-- Add these: -->
-  <add name="Content-Security-Policy" value="upgrade-insecure-requests" /> + <add name="Content-Security-Policy" value="upgrade-insecure-requests"/> 
-  <add name="X-Frame-Options" value="DENY" />+ <add name="X-Frame-Options" value="DENY"/> 
 + <add name="X-XSS-Protection" value="1; mode=block"/> 
 + <add name="X-Content-Type-Options" value="nosniff"/> 
 + <add name="Referrer-Policy" value="origin-when-cross-origin"/> 
 + <!-- Max-age is in seconds, 31536000 = one year --> 
 + <add name="Strict-Transport-Security" value="max-age=31536000; includeSubDomains"/>
   </customHeaders>   </customHeaders>
   </httpProtocol>   </httpProtocol>
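
Review bot: On the added Strict-Transport-Security line, the comment explains max-age but not includeSubDomains, which for the same one-year period makes browsers require HTTPS on every subdomain of the host that sends the header; extend the comment to say so, and consider starting with a short max-age until all subdomains are confirmed to serve HTTPS. On the added Referrer-Policy line, origin-when-cross-origin still sends the origin when an HTTPS page links to an HTTP one; strict-origin-when-cross-origin closes that case.
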
azure_web_app_security_hardening.1510976486.txt.gz · Last modified: 2017/11/19 04:41 (external edit)