faustjs
Add next-secure-headers in example projects
Tasks
- [ ] I have signed a Contributor License Agreement (CLA) with WP Engine.
- [ ] If a code change, I have written testing instructions that the whole team & outside contributors can understand.
- [ ] I have written and included a comprehensive changeset to properly document the changes I've made.
Description
Adds next-secure-headers to all example projects, providing a secure default header configuration across the site.
Related Issue(s):
Testing
- Build and run one of the example projects.
- Inspect the response headers of each page. They should include the following headers, as defined in the package docs:
| Header | next-secure-headers | Helmet | Comment |
|---|---|---|---|
| Strict-Transport-Security | forceHTTPSRedirect | hsts | |
| X-Frame-Options | frameGuard | frameguard | |
| X-Download-Options | noopen | ieNoOpen | |
| X-Content-Type-Options | nosniff | noSniff | |
| X-XSS-Protection | xssProtection | xssFilter | |
| Content-Security-Policy | contentSecurityPolicy | contentSecurityPolicy | |
| Expect-CT | expectCT | expectCt | |
| Referrer-Policy | referrerPolicy | referrerPolicy | |
| X-DNS-Prefetch-Control | - | dnsPrefetchControl | Has privacy implications, but improves performance. |
| Feature-Policy | - | featurePolicy | Feature Policy improves security but is still a working draft. |
| X-Powered-By | - | hidePoweredBy | Next.js can remove this header itself via `poweredByHeader: false` in next.config.js. |
| Related to cache | - | nocache | As Helmet notes, caching has many benefits. |
| X-Permitted-Cross-Domain-Policies | - | crossdomain | Adobe Flash is an old web technology. |
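To make the "inspect the response headers" step repeatable, here is an added audit script (example code, not part of this PR, the faustjs examples, or the next-secure-headers package). It checks a Node `res.headers`-style object for the headers in the table above, flags weak values (a permissive `X-Frame-Options`, a short HSTS `max-age`), and treats a leaked `X-Powered-By` as a failure, since the table notes Next.js can suppress it. The minimum HSTS `max-age` of one year and the sample header sets are this example's own assumptions, not values from the package. Note that `X-XSS-Protection` is deprecated and ignored by current browsers; the check accepts `0` as well as `1; mode=block` so a project that disables it is not flagged.

```javascript
// Added example: audit a response-header object against the headers the
// next-secure-headers table lists. Not code from the PR or the package.

// Node's http module lowercases incoming header names, so checks are keyed
// by lower-case name. Each check returns true when the value is acceptable.
const REQUIRED = {
  // Assumption: require a max-age of at least one year (31536000 s).
  "strict-transport-security": (v) => {
    const m = /max-age=(\d+)/i.exec(v);
    return m !== null && Number(m[1]) >= 31536000;
  },
  "x-frame-options": (v) => /^(DENY|SAMEORIGIN)$/i.test(v.trim()),
  "x-download-options": (v) => v.trim().toLowerCase() === "noopen",
  "x-content-type-options": (v) => v.trim().toLowerCase() === "nosniff",
  // Deprecated header; "0" (disabled) and "1; mode=block" are both accepted.
  "x-xss-protection": (v) => /^(0|1(;\s*mode=block)?)$/i.test(v.trim()),
  "content-security-policy": (v) => v.trim().length > 0,
  "expect-ct": (v) => /max-age=\d+/i.test(v),
  "referrer-policy": (v) => v.trim().length > 0,
};

// Headers that must be absent: X-Powered-By fingerprints the framework.
const FORBIDDEN = ["x-powered-by"];

// Normalise names to lower case and join multi-valued headers, then report
// missing, weak and leaked headers. `pass` is true only when all are clean.
function auditHeaders(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) {
    h[k.toLowerCase()] = Array.isArray(v) ? v.join(", ") : String(v);
  }
  const missing = [];
  const weak = [];
  const leaked = [];
  for (const [name, ok] of Object.entries(REQUIRED)) {
    if (!(name in h)) missing.push(name);
    else if (!ok(h[name])) weak.push(`${name}: ${h[name]}`);
  }
  for (const name of FORBIDDEN) if (name in h) leaked.push(name);
  const pass = missing.length === 0 && weak.length === 0 && leaked.length === 0;
  return { missing, weak, leaked, pass };
}

// Fetch one page from a running example project (e.g. http://localhost:3000/)
// and audit its response headers.
function auditUrl(url) {
  const http = require("http");
  return new Promise((resolve, reject) => {
    http
      .get(url, (res) => {
        res.resume(); // discard the body; only the headers matter here
        resolve(auditHeaders(res.headers));
      })
      .on("error", reject);
  });
}

// Constructed sample of a hardened response (not captured from a real project).
const SAMPLE_GOOD = {
  "strict-transport-security": "max-age=63072000; includeSubDomains",
  "x-frame-options": "DENY",
  "x-download-options": "noopen",
  "x-content-type-options": "nosniff",
  "x-xss-protection": "1; mode=block",
  "content-security-policy": "default-src 'self'",
  "expect-ct": "max-age=0",
  "referrer-policy": "no-referrer-when-downgrade",
  "content-type": "text/html; charset=utf-8",
};

// Constructed sample of an unhardened response: framework fingerprint leaked,
// permissive framing, everything else missing.
const SAMPLE_BAD = {
  "x-powered-by": "Next.js",
  "x-frame-options": "ALLOWALL",
  "content-type": "text/html; charset=utf-8",
};

const isMain = typeof require !== "undefined" && require.main === module;
if (isMain) {
  const url = process.argv[2];
  const report = url ? auditUrl(url) : Promise.resolve(auditHeaders(SAMPLE_GOOD));
  report.then((r) => {
    console.log(JSON.stringify(r, null, 2));
    process.exitCode = r.pass ? 0 : 1;
  });
}
```

Run it as `node audit-headers.js http://localhost:3000/` against a started example project; with no URL it audits the constructed `SAMPLE_GOOD` set. A non-zero exit code on any missing, weak or leaked header makes it usable as a CI gate across every page of the site.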