ab-nginx/helpers/snippets/headersSecurity.conf

# these are common security headers that you can easily add to locations or
# entire server blocks by including this file
#   include /etc/nginx/snippets/headersSecurity.conf;

add_header Feature-Policy "geolocation 'self'";

add_header Referrer-Policy "same-origin" always;

add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options noopen;
add_header X-Frame-Options SAMEORIGIN;
add_header X-Permitted-Cross-Domain-Policies none;
add_header X-UA-Compatible "IE=edge";
add_header X-XSS-Protection "1; mode=block" always;

# prevent search engines from indexing sites on this server
# comment the line below if you are running public sites!
add_header X-Robots-Tag none;
refactor(CONFIG): update sample configuration defaults 2021-01-07 15:04:04 -07:00			`# these are common security headers that you can easily add to locations or`
			`# entire server blocks by including this file`
			`# include /etc/nginx/snippets/headersSecurity.conf;`

initial commit - skeleton setup 2019-10-16 23:44:47 -06:00			`add_header Feature-Policy "geolocation 'self'";`

struct(MOVE): move security headers to snippets from configs 2021-01-07 15:03:24 -07:00			`add_header Referrer-Policy "same-origin" always;`
initial commit - skeleton setup 2019-10-16 23:44:47 -06:00
			`add_header X-Content-Type-Options "nosniff" always;`
			`add_header X-Download-Options noopen;`
struct(MOVE): move security headers to snippets from configs 2021-01-07 15:03:24 -07:00			`add_header X-Frame-Options SAMEORIGIN;`
initial commit - skeleton setup 2019-10-16 23:44:47 -06:00			`add_header X-Permitted-Cross-Domain-Policies none;`
			`add_header X-UA-Compatible "IE=edge";`
			`add_header X-XSS-Protection "1; mode=block" always;`

docs(COMMENT): explain robots tag better 2021-01-05 16:56:49 -07:00			`# prevent search engines from indexing sites on this server`
			`# comment the line below if you are running public sites!`
			`add_header X-Robots-Tag none;`