feat: Add security header

https://securityheaders.com/
Simon 2020-03-11 17:36:07 +01:00
parent 78266d5b7b
commit cc2bfd1234
1 changed files with 13 additions and 0 deletions


@ -28,6 +28,19 @@ server {
# https://www.justegeek.fr/proteger-un-peu-plus-son-site-avec-la-balise-x-content-type-options/
add_header X-Content-Type-Options "nosniff";
add_header X-XSS-Protection "1; mode=block";
add_header X-Frame-Options DENY;
add_header Referrer-Policy "strict-origin-when-cross-origin";
# https://scotthelme.co.uk/content-security-policy-an-introduction/
add_header Content-Security-Policy "script-src 'self'";
# https://scotthelme.co.uk/a-new-security-header-feature-policy/
#add_header Feature-Policy "vibrate none";
# https://scotthelme.co.uk/hsts-the-missing-link-in-tls/
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
#Caching (save html pages for 7 days, rest as long as possible, no caching on frontpage)
expires $expires;
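Review bot: The `add_header` directives in this hunk omit the `always` parameter, so nginx attaches them only to a fixed set of 2xx/3xx responses, and error pages such as 404 or 500 go out without the CSP, X-Frame-Options and HSTS headers; I would write them as e.g. `add_header X-Frame-Options DENY always;`. nginx also inherits `add_header` from the server level only when the current level defines none, so any `location` with its own `add_header` silently drops all of these; the rest of the server block is outside the hunk, so this should be checked there. `includeSubDomains` with a one-year `max-age` pins every subdomain to HTTPS in browsers that have seen the header, so confirm that all subdomains serve valid TLS and that this block is the TLS listener before shipping it. The CSP sets only `script-src`, leaving objects and the base URI unrestricted, and a comment such as `# CSP covers scripts only; add default-src/object-src/base-uri once the site's resources are inventoried` would make that limit explicit.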