This is a short guide on how to add a header to a web server. I'm creating this to use as a reference for other posts.
If you do know what a header is, but need a quick reminder on how to add one to a server you're not familiar with or haven't used in a while, see below.
Apache Web Servers
For Apache, add the following to your httpd.conf or .htaccess file (the Header directive requires mod_headers to be enabled):
Header set Content-Security-Policy-Report-Only "default-src 'none'; form-action 'none'; frame-ancestors 'none';"
IIS Web Servers
- Open IIS Manager
- Select the site
- Go to HTTP Response Headers and under actions click "Add".
- Enter the name Content-Security-Policy-Report-Only and the value default-src 'none'; form-action 'none'; frame-ancestors 'none';
Nginx Web Servers
For Nginx, add the following to your nginx.conf file (the directive must end with a semicolon):
add_header Content-Security-Policy-Report-Only "default-src 'none'; form-action 'none'; frame-ancestors 'none';";
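Whichever server you use, it is worth confirming that the header is actually sent after the config change. The shell function below is an added example, not part of the original post: it reads raw response headers on stdin and reports any CSP header it finds. The names csp_headers and sample_response and the sample response itself are constructed for illustration.

```shell
#!/bin/sh
# Read raw HTTP response headers on stdin and print each CSP header found
# as "<mode>: <policy>". Exit status is 0 if at least one CSP header is
# present and 1 otherwise. Header names are matched case-insensitively and
# CRLF line endings are stripped, since both vary between servers.
csp_headers() {
    tr -d '\r' | awk '
        /^$/ { exit }                      # blank line ends the header block
        {
            i = index($0, ":")
            if (i == 0) next               # status line has no "name: value"
            name  = tolower(substr($0, 1, i - 1))
            value = substr($0, i + 1)
            sub(/^[ \t]+/, "", value)
            sub(/[ \t]+$/, "", value)
            if (name == "content-security-policy-report-only") {
                print "report-only: " value; found = 1
            } else if (name == "content-security-policy") {
                print "enforced: " value; found = 1
            }
        }
        END { exit(found ? 0 : 1) }
    '
}

# Constructed sample response (not captured from a real server), using the
# policy from this guide and a lowercase header name as HTTP/2 would send it.
sample_response() {
    printf 'HTTP/1.1 200 OK\r\n'
    printf 'Server: nginx\r\n'
    printf 'content-security-policy-report-only: %s\r\n' \
        "default-src 'none'; form-action 'none'; frame-ancestors 'none';"
    printf '\r\n'
}

# Offline demonstration on the constructed sample.
sample_response | csp_headers

# Against a live site (replace the placeholder URL with your own):
#   curl -sI https://your-site.example/ | csp_headers || echo "no CSP header"
```

Only the first header block is read, so if you follow redirects with curl, check the final URL directly.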
If you use something awesome like Netlify, they have a how-to. Plugins also exist for frameworks like Gatsby on Netlify. As of writing this, I'm using this setup for my blog & love it. I highly recommend this setup for any front end of a website unless it has a long build time & frequent updates. You get a CDN, a performance-optimized configuration, continuous deployment, & A/B testing for free.