18 lines
694 B
Plaintext
18 lines
694 B
Plaintext
# these are common security headers that you can easily add to locations or
|
|
# entire server blocks by including this file
|
|
# include /etc/nginx/snippets/headersSecurity.conf;
|
|
|
|
add_header Feature-Policy "geolocation 'self'";
|
|
|
|
add_header Referrer-Policy "same-origin" always;
|
|
|
|
add_header X-Content-Type-Options "nosniff" always;
|
|
add_header X-Download-Options noopen;
|
|
add_header X-Frame-Options SAMEORIGIN;
|
|
add_header X-Permitted-Cross-Domain-Policies none;
|
|
add_header X-UA-Compatible "IE=edge";
|
|
add_header X-XSS-Protection "1; mode=block" always;
|
|
|
|
# prevent search engines from indexing sites on this server
|
|
# comment the line below if you are running public sites!
|
|
add_header X-Robots-Tag none; |