faustjs
faustjs copied to clipboard
Published
20 hours ago •
wpengine
wpengine
Add next-secure-headers in example projects
Tasks
- [ ] I have signed a Contributor License Agreement (CLA) with WP Engine.
- [ ] If a code change, I have written testing instructions that the whole team & outside contributors can understand.
- [ ] I have written and included a comprehensive changeset to properly document the changes I've made.
Description
Adds next-secure-headers in all example projects, providing secure default header configuration across the site.
Related Issue(s):
Testing
-Build and run one of the example projects -Inspect the response headers of each page. It should have the following headers as defined in the package doc
| next-secure-headers | Helmet | Comment | |
|---|---|---|---|
| Strict-Transport-Security | forceHTTPSRedirect |
hsts |
|
| X-Frame-Options | frameGuard |
frameguard |
|
| X-Download-Options | noopen |
ieNoOpen |
|
| X-Content-Type-Options | nosniff |
noSniff |
|
| X-XSS-Protection | xssProtection |
xssFilter |
|
| Content-Security-Policy | contentSecurityPolicy |
contentSecurityPolicy |
|
| Expect-CT | expectCT |
expectCt |
|
| Referrer-Policy | referrerPolicy |
referrerPolicy |
|
| X-DNS-Prefetch-Control | - | dnsPrefetchControl |
This has privacy implications but this improves performance. |
| Feature-Policy | - | featurePolicy |
Feature Policy improves security but it is working draft yet. |
| X-Powered-By | - | hidePoweredBy |
Next.js supports to remove this header in next.config.js. |
| Related to cache | - | nocache |
As Helmet said, caching has lots of benefits. |
| X-Permitted-Cross-Domain-Policies | - | crossdomain |
Adobe Flash is one of old web technologies. |
