
Security Header
£25/hr(approx. $34/hr)
- Posted:
- Proposals: 5
- Remote
- #4142879
- Awarded
Description
Experience Level: Expert
Estimated project duration: 1 day or less
Hi
*****NOTE THIS IS DONE IN THE HOSTING NOT THE WEBSITE. THE PLATFORM AUTO ADDS TO THE WEBSITE****
I need someone who is an expert in adding security headers.
If you have not done it before & only think you can do it, please do not apply.
Below is what I need done: (These are within our hosting platform & will be used as a standard profile for our clients).
X-DNS-Prefetch-Control
This header controls DNS prefetching, a feature by which browsers proactively perform domain name resolution on both links that the user may choose to follow as well as URLs for items referenced by the document, including images, CSS, JavaScript, and so forth.
X-Frame-Options
Used to indicate whether or not a browser should be allowed to render a page in a , , or .
X-Content-Type-Options
Is used by the server to indicate that the MIME types advertised in the Content-Type headers should not be changed and be followed.
Referrer-Policy
This controls how much referrer information (sent via the Referer header) should be included with requests.
Cross-Origin-Resource-Policy
This response header conveys a desire that the browser blocks no-cors cross-origin/cross-site requests to the given resource.
Cross-Origin-Opener-Policy
This response header allows you to ensure a top-level document does not share a browsing context group with cross-origin documents.
Cross-Origin-Embedder-Policy
This response header prevents a document from loading any cross-origin resources that don't explicitly grant the document permission (using CORP or CORS).
Strict-Transport-Security
This response header lets a web site tell browsers that it should only be accessed using HTTPS, instead of using HTTP.
e.g. max-age=
X-XSS-Protection
This response header is a feature of Internet Explorer, Chrome and Safari that stops pages from loading when they detect reflected cross-site scripting (XSS) attacks.
e.g. 1; mode=block
Content-Security-Policy
This response header allows web site administrators to control resources the user agent is allowed to load for a given page.
e.g. default-src https:;
Content-Security-Policy-Report-Only
This response header allows web developers to experiment with policies by monitoring (but not enforcing) their effects. These violation reports consist of JSON documents sent via an HTTP POST request to the specified URI.
e.g. default-src https:;
Expect-CT
This header lets sites opt in to reporting and/or enforcement of Certificate Transparency requirements, to prevent the use of misissued certificates for that site from going unnoticed.
e.g. max-age=86400, enforce, report-uri="https://foo.example/report"
Permissions-Policy
This header provides a mechanism to allow and deny the use of browser features in its own frame, and in content within any elements in the document.
e.g
I need this done ASAP
****************PLEASE STATE HOW MANY HOURS WORK THIS IS FOR YOU.*****************
****************MAKE SURE YOU ANSWER THE QUESTIONS******************
David
A.i.H. Ltd
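
An added example, not part of the original post or the poster's platform: one way to check that a response actually carries the 13 headers listed above. The `audit_headers` function, its finding strings and the sample response are assumptions constructed here; fixed-token headers are checked for a single token only, and a `max-age=` with no number is flagged.

```python
import re

# Headers from the list above whose value is one fixed token (lower-cased).
TOKEN_HEADERS = {
    "x-dns-prefetch-control": {"on", "off"},
    "x-frame-options": {"deny", "sameorigin"},
    "x-content-type-options": {"nosniff"},
    "cross-origin-resource-policy": {"same-site", "same-origin", "cross-origin"},
    "cross-origin-opener-policy": {"unsafe-none", "same-origin-allow-popups", "same-origin"},
    "cross-origin-embedder-policy": {"unsafe-none", "require-corp", "credentialless"},
    "referrer-policy": {
        "no-referrer", "no-referrer-when-downgrade", "origin", "origin-when-cross-origin",
        "same-origin", "strict-origin", "strict-origin-when-cross-origin", "unsafe-url"},
}
# Headers that must carry a numeric max-age directive.
MAX_AGE_HEADERS = {"strict-transport-security", "expect-ct"}
# Headers only checked for a non-empty value (their grammar is not parsed here).
FREEFORM_HEADERS = {"x-xss-protection", "content-security-policy",
                    "content-security-policy-report-only", "permissions-policy"}
MAX_AGE_RE = re.compile(r"(?:^|[;,])\s*max-age=\d+", re.IGNORECASE)

def audit_headers(response_headers):
    """Return {lower-cased header name: finding} for all 13 profile headers."""
    # Header names are case-insensitive, so normalise before comparing.
    seen = {k.strip().lower(): v.strip() for k, v in response_headers.items()}
    findings = {}
    for name in sorted(set(TOKEN_HEADERS) | MAX_AGE_HEADERS | FREEFORM_HEADERS):
        value = seen.get(name)
        if value is None:
            findings[name] = "missing"
        elif name in TOKEN_HEADERS and value.lower() not in TOKEN_HEADERS[name]:
            findings[name] = "invalid value"
        elif name in MAX_AGE_HEADERS and not MAX_AGE_RE.search(value):
            findings[name] = "max-age has no number"
        elif not value:
            findings[name] = "empty"
        else:
            findings[name] = "ok"
    return findings

# Constructed sample response (not captured from any real site).
SAMPLE = {
    "X-Frame-Options": "SAMEORIGIN",
    "Referrer-Policy": "no-referer",           # constructed typo: one "r" short
    "Strict-Transport-Security": "max-age=",   # the value-less form
    "Expect-CT": 'max-age=86400, enforce, report-uri="https://foo.example/report"',
    "Content-Security-Policy": "default-src https:;",
}
```
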

Projects Completed
29
Freelancers worked with
23
Projects awarded
51%
Last project
17 Mar 2025
United Kingdom