From 1cf8818286ddb91d72c4f31c57401b81c0c95c84 Mon Sep 17 00:00:00 2001
From: Asif Bacchus
Date: Fri, 4 Jan 2019 02:01:11 -0700
Subject: [PATCH] added security headers (non HTTPS)
---
conf.d/securityHeaders.conf | 11 +++++++++++
1 file changed, 11 insertions(+)
create mode 100644 conf.d/securityHeaders.conf
diff --git a/conf.d/securityHeaders.conf b/conf.d/securityHeaders.conf
new file mode 100644
index 0000000..9dd36ee
--- /dev/null
+++ b/conf.d/securityHeaders.conf
@@ -0,0 +1,11 @@
+#######
+### NGINX configuration - add security related headers
+### (HTTPS specific headers are added in HTTPS configuration)
+#######
+
+add_header X-Robots-Tag none;
+add_header X-Download-Options noopen;
+add_header X-Permitted-Cross-Domain-Policies none;
+add_header X-Content-Type-Options "nosniff" always;
+add_header X-XSS-Protection "1; mode=block" always;
+add_header Referrer-Policy "same-origin" always;
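Review bot: The first three `add_header` lines (X-Robots-Tag, X-Download-Options, X-Permitted-Cross-Domain-Policies) omit `always`, so nginx attaches them only to successful and redirect responses and error pages go out without them; for consistency with the last three they should read like `add_header X-Robots-Tag none always;`. Separately, nginx inherits `add_header` from an outer level only when the current level defines none of its own. If the HTTPS configuration mentioned in the header comment sets its headers inside a `server` or `location` block, every header in this file would be silently dropped for that block; the diff does not show where this file is included, so this needs checking. I would extend the comment with something like `### NOTE: re-include this file in any block that declares its own add_header`. `X-XSS-Protection "1; mode=block"` targets a browser filter that current browsers no longer ship, so a Content-Security-Policy is the control to rely on for script injection.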