how to enable missing Security header?
#5
(2017-05-27, 04:28 PM)Michael2014 Wrote: How does one install these two headers into mybb?

Public-Key-Pins and Referrer-Policy

See examples for Apache and nginx: https://docs.mybb.com/1.8/administration...ty-headers
You can set Referrer-Policy to no-referrer-when-downgrade on public pages and more strict values for the ACP and similar locations.

Make sure you understand how key pinning works if you decide to introduce it - some basic summaries:
https://scotthelme.co.uk/hpkp-http-public-key-pinning/
https://news.netcraft.com/archives/2016/...wrong.html
devilshakerz.com/pgp (DF3A 34D9 A627 42E5 BC6A 6750 1F2F B8AA 28FF E1BC) ▪ keybase.io/devilshakerz
Reply


Messages In This Thread
RE: how to enable missing Security header? - by Devilshakerz - 2017-05-27, 04:49 PM

Forum Jump:


Users browsing this thread: 1 Guest(s)