Webinoly is just the perfect tool for NGINX experts. Give it a try!
0 votes
709 views
by Talented
edited by

Hi,

Out of curiosity, I checked a few sites with https://securityheaders.com,  which show the following:

Is this something that could be added on Webinoly or is it intentionally omitted or not actually needed?

Thanks!

Resources:

https://scotthelme.co.uk/content-security-policy-an-introduction/

https://scotthelme.co.uk/a-new-security-header-feature-policy/

1 Answer

+1 vote
by Expert
selected by
 
Best answer

Hi Giorgos,

Actually, you can find CSP in this file /etc/nginx/common/headers-html.conf, as you can see is empty, you need to manually add the correct values according to your site configuration.

The downside is that this file will be overwritten during some Webinoly updates, that's why we don't promote this feature because is not completely implemented. This feature is scheduled to be developed and released in v1.12.0.

We have no plans for "Feature Policy".

Regards.

by Talented

Hi Cristhian,

Good to know. I checked a few other well-known sites and I see that in general, Webinoly-powered sites are better than most on this aspect. It seems that implementing Content-Security-Policy will ensure an A rating, which seems to be quite rare.

For now, I am looking forward to v. 1.11.0 :)

by Expert
Welcome to the Community site for Webinoly.

Our Optimized LEMP Web Server is a powerful set of commands for doing just about anything you could wish.

With Webinoly you can set up your NGINX web server in just one step.

* * * * * * *

To report a bug, please create a new issue on GitHub or ask a question here with the bug tag.
Webinoly Support Paypal Donations

PayPal · GitHub Sponsors · Bitcoin

It is very important that any visitor to the site read the disclaimer, terms of use and privacy and legal statement before start browsing.

...