
Docs: Update server configurations

molant committed Feb 7, 2019
1 parent 806740b commit c34e1cdd6a61062d8b590edf98897b9927c604f8
@@ -529,6 +529,17 @@ AddDefaultCharset utf-8
# Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
# </IfModule>
# ----------------------------------------------------------------------
# | X-Content-Type-Options |
# ----------------------------------------------------------------------
# Serve resources with the x-content-type-options header set to `nosniff`.
# https://webhint.io/docs/user-guide/hints/hint-x-content-type-options/
# <IfModule mod_headers.c>
# Header always set X-Content-Type-Options nosniff
# </IfModule>
# ######################################################################
# # Unnedded / Disallowed headers #
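Review bot: The new X-Content-Type-Options block appears commented out as rendered here (`# <IfModule mod_headers.c>` through `# </IfModule>`), so a server using this example verbatim would not send the header, even though the comment above it says resources are served with `nosniff`. The IIS example changed in the same commit enables the header for every response, so the two examples would behave differently. If the header is meant to be on by default, uncomment the three lines, i.e. `<IfModule mod_headers.c>`, `Header always set X-Content-Type-Options "nosniff"`, `</IfModule>`. If it is meant to be opt-in like the HSTS block above it, the comment should say that the block must be enabled by hand.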
@@ -47,6 +47,12 @@ related hint.
<remove name="X-Version"/>
<!-- Security headers ("strict-transport-security") -->
<add name="Strict-Transport-Security" value="max-age=31536000"/>
<!--
Security headers ("x-content-type-options")
All resources must serve with this response header set to "nosniff"
https://webhint.io/docs/user-guide/hints/hint-x-content-type-options/
-->
<add name="X-Content-Type-Options" value="nosniff" />
</customHeaders>
</httpProtocol>
<!--
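Review bot: The added `<add name="X-Content-Type-Options" value="nosniff" />` has no `<remove>` before it, so if a parent configuration already adds this header, IIS may reject the file with a duplicate collection entry error. Putting `<remove name="X-Content-Type-Options"/>` immediately before the `<add>` makes the example safe to paste beneath an existing configuration. The new line also closes with ` />` where the neighbouring `Strict-Transport-Security` entry closes with `"/>`; matching the existing form keeps the example consistent. The `<customHeaders>` element opens outside this hunk, so any entries before it cannot be checked from here.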
@@ -143,15 +149,6 @@ related hint.
<action type="Rewrite" value="{C:3}" />
</rule>

<!-- Remove X-Content-Type from everywhere but JS and CSS ("x-content-type-options") -->
<rule name="X-Content-Type-Options" enabled="true">
<match serverVariable="RESPONSE_X_Content_Type_Options" pattern=".*" />
<conditions>
<add input="{RESPONSE_Content_Type}" pattern="text/(javascript|css)" />
</conditions>
<action type="Rewrite" value="nosniff"/>
</rule>

<!--
Add vary header
"http-compression": https://webhint.io/docs/user-guide/hints/hint-http-compression
