19 lines
965 B
Plaintext
19 lines
965 B
Plaintext
# This is an NGINX configuration file written and used by me in order to set security response headers.
|
|
#
|
|
# (c) Corrado Mulas <tlc@mulas.me>
|
|
#
|
|
# For the full copyright and license information, please view the LICENSE
|
|
# file that was distributed with this source code.
|
|
|
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
|
|
|
|
add_header Referrer-Policy "no-referrer" always;
|
|
add_header X-Content-Type-Options "nosniff" always;
|
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
|
add_header X-Permitted-Cross-Domain-Policies "none" always;
|
|
add_header X-Robots-Tag "noindex, nofollow" always;
|
|
|
|
add_header Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), interest-cohort=(), magnetometer=(), microphone=(), payment=(), usb=()" always;
|
|
|
|
add_header Cross-Origin-Opener-Policy "same-origin" always;
|