added security headers (non HTTPS)
This commit is contained in:
parent
8aed718cfa
commit
1cf8818286
11
conf.d/securityHeaders.conf
Normal file
11
conf.d/securityHeaders.conf
Normal file
@ -0,0 +1,11 @@
|
||||
#######
|
||||
### NGINX configuration - add security related headers
|
||||
### (HTTPS specific headers are added in HTTPS configuration)
|
||||
#######
|
||||
|
||||
add_header X-Robots-Tag none;
|
||||
add_header X-Download-Options noopen;
|
||||
add_header X-Permitted-Cross-Domain-Policies none;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
add_header Referrer-Policy "same-origin" always;
|
Loading…
Reference in New Issue
Block a user