Apache security-related parameter configuration
TraceEnable off
ServerTokens ProductOnly
ServerSignature Off
<IfModule headers_module>
Header add X-Content-Type-Options "nosniff"
Header add X-XSS-Protection "1"
Header add Content-Security-Policy "img-src 'self' data: *.iefeel.com *.baidu.com *.bdstatic.com *.baidubce.com *.baidubce.com:*; style-src 'self' 'unsafe-inline' *.iefeel.com *.baidu.com *.bdstatic.com *.baidubce.com *.baidubce.com:*; object-src 'self' blob: *.iefeel.com *.baidu.com *.bdstatic.com *.baidubce.com *.baidubce.com:*; media-src 'self' blob: *.iefeel.com *.baidu.com *.bdstatic.com *.baidubce.com *.baidubce.com:*; s.c.r.i.p.t-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.iefeel.com *.baidu.com *.bdstatic.com *.baidubce.com *.baidubce.com:*"
</IfModule>
Note:
Remove the dots from the middle of s.c.r.i.p.t so that the directive reads script-src.
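One way to confirm the settings took effect is to audit the response headers, including the case where the dotted s.c.r.i.p.t-src placeholder was pasted unchanged. This is an added example, not code from the original page; `hdr_value`, `check_headers` and both sample responses are constructed for illustration, and only the settings that show up in response headers are checked.

```shell
#!/bin/sh
# Added example, not from the original page; function names are hypothetical.

# Print the value(s) of header $1 found in header block $2.
hdr_value() {
    printf '%s\n' "$2" | grep -i "^$1:" | sed 's/^[^:]*:[[:space:]]*//'
}

# Read raw response headers on stdin; print one FAIL line per problem.
# Returns 0 if every check passes, 1 otherwise.
check_headers() {
    hdrs=$(tr -d '\r')
    rc=0
    # ServerTokens ProductOnly: the banner is the bare product name.
    server=$(hdr_value Server "$hdrs")
    [ "$server" = "Apache" ] || { echo "FAIL Server banner: '$server'"; rc=1; }
    # "Header add" appends, so a second definition elsewhere duplicates it.
    [ "$(hdr_value X-Content-Type-Options "$hdrs")" = "nosniff" ] ||
        { echo "FAIL X-Content-Type-Options missing or duplicated"; rc=1; }
    csp=$(hdr_value Content-Security-Policy "$hdrs")
    if [ -z "$csp" ]; then
        echo "FAIL Content-Security-Policy missing"; rc=1
    else
        # Directive names are the first token of each ';'-separated part.
        names=$(printf '%s\n' "$csp" | tr ';' '\n' | sed 's/^[[:space:]]*//' | cut -d' ' -f1)
        case "$names" in
            *s.c.r.i.p.t-src*) echo "FAIL CSP still has dotted s.c.r.i.p.t-src"; rc=1 ;;
        esac
        printf '%s\n' "$names" | grep -qx 'script-src' ||
            { echo "FAIL CSP has no script-src directive"; rc=1; }
    fi
    return $rc
}

# Constructed sample: config applied with the dots removed.
SAMPLE_GOOD="HTTP/1.1 200 OK
Server: Apache
X-Content-Type-Options: nosniff
X-XSS-Protection: 1
Content-Security-Policy: img-src 'self' data:; script-src 'self' blob:"

# Constructed sample: version banner still on, CSP pasted verbatim.
SAMPLE_BAD="HTTP/1.1 200 OK
Server: Apache/2.4.x (Unix)
Content-Security-Policy: img-src 'self'; s.c.r.i.p.t-src 'self'"

printf '%s\n' "$SAMPLE_GOOD" | check_headers && echo "good sample: PASS"
printf '%s\n' "$SAMPLE_BAD" | check_headers || echo "bad sample: see FAIL lines above"
```

Against a live server, pipe the output of `curl -sI https://example.com/` (placeholder host) into `check_headers`.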