securityheaders | Check any website for insecure | Security library

1° I need to implement the permissions-policy header in the .htacces file

2° I spent a whole day looking for the header on the internet, but yet, i found only explanations that i did not understand a 100% how to implement that.

3° The better explanation that i found about the header is in this article Permissions-Policy. i inserted this line of code in the .htacces file to make the magic happens, BUT i didn't get the Green Flag on the securityheaders

I am having the following azure endpoint definition and I need to define several similar endpoints.

How can I reuse the delivery_rule definitions and global_delivery_rule so that I define them only once.

What is the best practice to achieve this?

Thank you in advance!

I have a CakePHP application running on Cake PHP 3.8.13 and CakeDC Users 8.5.1.

I am currently able to log on using the username field, but I would like to use the email field for authentication. I have followed the instructions on https://github.com/CakeDC/users/blob/master/Docs/Documentation/Configuration.md#using-the-users-email-to-login but the system is still trying to use the username field. If I change email to username in the src/Template/Plugin/CakeDC/Users/Users/login.ctp I can log in using the username.

How can I get it to use the email field instead?

src/Application.php

we have pure angular application ( not hosted in asp.net mvc core ) deployed to azure app service.

now requirement is, we need to add few security headers mentioned here

1. https://securityheaders.com/

2. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security

as well, wanted to remove X-Powered-By: ASP.NET header too.

so far on internet or my own search, what i found so far is to add in webconfig file, but remember,we have just angular app.

why should i use webconfig for that?

in your experience, how do you handle this situation? or what is the best answer?

Thanks in advance.

Have created new users to login in my RDECK_BASE/server/config/realm.properties

have added admin:admin,user,admin user:user,user demo:demo,user,demo

and i have added aclpolicy using the Rundeck tool, so whenever i log in using diff user or with admin credentials,The Project pages become blank.

demo.aclpolicy

I'm pretty new to web development, I might talk non-sense. After following some tutorials I've found a way to deploy a Blazor webapp on Netlify. For that I'm using a DotNet action on Github. It works almost perfectly, here is is the link: https://chefty.netlify.com. The thing is, my website is blocked by my antivirus (Avast). Page is stuck on "Loading..." blank screen saying "An unhandled error has occurred. Reload". I ended up looking for solutions and found out that it could come from the fact I'm missing a _headers file. People were also advising to add a _redirects file. So I added those to the root of my website, next to index.html:

_headers

I like this site a lot

https://securityheaders.com/?q=localhost&followRedirects=on

I want to use it to scan my local project

I can't seem to do that

Is there a way to check security headers on local project that not live yet ?

securityheaders.com fails my configurations with the following error:

I am trying to get content security policies working correctly on my website, but I am getting content blocked even when it should be allowed. Using Google's CSP Evaluator on my site I can see the rules: