一、Apache配置
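# Security response headers and Host allowlist for the site (requires
# mod_rewrite and mod_headers).

# --- Host header allowlist ---------------------------------------------------
# Requests whose Host header is not one of the served names are rewritten to
# /error.html. Dots are escaped so that "." only matches a literal dot;
# unescaped, "www.xx.com" would also accept hosts such as "wwwaxx.com".
# NOTE(review): %{HTTP_HOST} includes an explicit port when the client sends
# one ("xx.com:8080"), and such requests will not match this list - confirm
# that is intended.
RewriteEngine on
RewriteCond %{HTTP_HOST} !^(172\.18\.199\.213|www\.xx\.com|en\.xx\.com|xx\.com)$ [NC]
RewriteRule ^(.*)$ /error.html [L]

# --- Content-Security-Policy -------------------------------------------------
# "Header set" replaces any earlier value of the same header, so several
# "Header set Content-Security-Policy" lines leave only the last one in effect.
# The policy is therefore written as ONE header. upgrade-insecure-requests makes
# the browser fetch http:// sub-resources over https://.
# The quotes must be plain ASCII double quotes; typographic quotes are not
# treated as quoting characters by Apache.
# NOTE(review): 'unsafe-inline' and 'unsafe-eval' in script-src remove most of
# the XSS protection CSP can give, and "default-src *" allows any origin for
# every directive that is not listed. Tighten (nonces/hashes, explicit origins)
# once the application allows it.
Header set Content-Security-Policy "upgrade-insecure-requests; default-src *; connect-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src * data:; worker-src * blob:; font-src 'self' data:"

# Stricter alternative (same-origin by default). Enable it INSTEAD of the line
# above, never in addition to it. No ";" may follow the closing quote: Apache
# would read it as an extra directive argument.
#Header set Content-Security-Policy "upgrade-insecure-requests; default-src 'self' localhost:80 'unsafe-inline' 'unsafe-eval' blob: data:"

# --- Other response headers --------------------------------------------------
# Plain "Header set" applies to successful responses only; use
# "Header always set" if the headers must also be sent on error responses.

# Legacy XSS-filter header. The value belongs to X-XSS-Protection (there is no
# "X-Xss-header" response header). Current browsers no longer implement the
# filter, so the CSP above is the effective control.
Header set X-XSS-Protection "1; mode=block"

# Clickjacking protection: only same-origin pages may frame the site.
Header set X-Frame-Options SAMEORIGIN

# HSTS: honoured by browsers only on HTTPS responses. includeSubdomains plus
# preload commits every subdomain to HTTPS for the whole max-age (two years);
# confirm all subdomains serve HTTPS before submitting to a preload list.
Header set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"

# Send the full URL as referrer to the same origin, only the origin cross-site,
# and nothing on an HTTPS -> HTTP downgrade.
Header set Referrer-Policy strict-origin-when-cross-origin

# Cross-domain policy files for Flash/PDF clients: only the master policy file
# at the site root is honoured.
Header set X-Permitted-Cross-Domain-Policies master-only

# Old Internet Explorer: do not offer "Open" for downloads in the site context.
Header set X-Download-Options noopen

# Disable MIME sniffing; the declared Content-Type is authoritative.
Header set X-Content-Type-Options nosniff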