From 5aafc1ad47f3841269218e139d6c7419cdf94379 Mon Sep 17 00:00:00 2001
From: Asif Bacchus
Date: Mon, 3 Jun 2019 21:07:17 -0600
Subject: [PATCH] organized, change referrer policy, add edge header
---
 etc/nginx/conf.d/securityHeaders.conf | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/etc/nginx/conf.d/securityHeaders.conf b/etc/nginx/conf.d/securityHeaders.conf
index 5314eb6..d6fbdd1 100644
--- a/etc/nginx/conf.d/securityHeaders.conf
+++ b/etc/nginx/conf.d/securityHeaders.conf
@@ -3,10 +3,14 @@
 ### (HTTPS specific headers are added in HTTPS configuration)
 #######
-add_header X-Robots-Tag none;
-add_header X-Download-Options noopen;
-add_header X-Permitted-Cross-Domain-Policies none;
-add_header X-Content-Type-Options "nosniff" always;
-add_header X-XSS-Protection "1; mode=block" always;
-add_header Referrer-Policy "no-referrer" always;
 add_header Feature-Policy "geolocation 'self'";
+
+add_header Referrer-Policy "strict-origin" always;
+
+add_header X-Content-Type-Options "nosniff" always;
+add_header X-Download-Options noopen;
+add_header X-Frame-Options DENY;
+add_header X-Permitted-Cross-Domain-Policies none;
+add_header X-Robots-Tag none;
+add_header X-UA-Compatible "IE=edge";
+add_header X-XSS-Protection "1; mode=block" always;
\ No newline at end of file
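Review bot: The new `add_header X-Frame-Options DENY;` line has no `always` parameter, so nginx emits it only on its fixed list of success and redirect status codes and error pages (4xx/5xx) stay frameable; write it as `add_header X-Frame-Options DENY always;`. The same gap applies to the re-added `X-Download-Options`, `X-Permitted-Cross-Domain-Policies` and `X-Robots-Tag` lines, which now sit next to three headers that do carry `always`. Separately, the file's header comment says HTTPS-specific headers are added in the HTTPS configuration: nginx inherits `add_header` from the outer level only when the inner level defines none of its own. If that configuration uses `add_header` inside a `server` or `location` block, every header in this file is silently dropped for those responses unless this file is also included there; that configuration is not visible in this patch, so it is worth confirming.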