2019-01-04 02:01:11 -07:00
|
|
|
#######
|
|
|
|
### NGINX configuration - add security related headers
|
|
|
|
### (HTTPS specific headers are added in HTTPS configuration)
|
|
|
|
#######
|
|
|
|
|
|
|
|
add_header X-Robots-Tag none;
|
|
|
|
add_header X-Download-Options noopen;
|
|
|
|
add_header X-Permitted-Cross-Domain-Policies none;
|
|
|
|
add_header X-Content-Type-Options "nosniff" always;
|
|
|
|
add_header X-XSS-Protection "1; mode=block" always;
|
2019-01-04 04:44:37 -07:00
|
|
|
add_header Referrer-Policy "no-referrer" always;
|
|
|
|
add_header Feature-Policy "geolocation 'self'";
|