# A+ on https://securityheaders.io/
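# Forbid rendering this site inside any frame (clickjacking defence).
# `always` is required because add_header otherwise emits the header only on a
# fixed set of 2xx/3xx status codes, leaving error pages unprotected.
# NOTE(review): add_header directives are inherited from the enclosing level
# only when the current level defines none of its own; any server/location
# block that adds a header must re-include this set. Verify against the rest
# of the configuration.
add_header X-Frame-Options deny always;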
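# Legacy header: the browser XSS auditor it controlled has been removed from
# current Chromium-based browsers and was never implemented in Firefox. In the
# old browsers that still honour it, "1; mode=block" has itself been a source
# of cross-site information leaks, so current guidance is to switch the filter
# off explicitly and rely on Content-Security-Policy instead.
# `always` also sends the header on error responses.
add_header X-XSS-Protection "0" always;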
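# Stop browsers from MIME-sniffing a response into a different content type
# than the one declared. `always` also sends the header on error responses,
# which add_header skips by default.
add_header X-Content-Type-Options nosniff always;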
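# Send only the origin (no path or query string) as the referrer, and nothing
# at all on an HTTPS -> HTTP downgrade. `always` also sends the header on error
# responses, which add_header skips by default.
add_header Referrer-Policy strict-origin always;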
# Ask intermediaries (proxies, CDNs) not to modify the response body, e.g. by
# recompressing images. This is not a security header; it sets no caching
# lifetime and does not prevent caching of sensitive responses.
add_header Cache-Control "no-transform";
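# NOTE(review): 'unsafe-inline' allows inline <script> blocks and inline event
# handlers, so this policy does not stop injected inline script. With no other
# source listed it does block script files loaded by URL. Moving the site's
# inline scripts to nonces or hashes would let 'unsafe-inline' be dropped.
# There is no default-src, so every non-script resource type is unrestricted.
# TODO: consider object-src 'none' and base-uri 'self' after checking what the
# pages actually load.
# frame-ancestors 'none' is the CSP equivalent of the X-Frame-Options deny sent
# by this file. `always` also sends the policy on error responses.
add_header Content-Security-Policy "script-src 'unsafe-inline'; frame-ancestors 'none'" always;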
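# Disable the listed browser features for this document and every frame nested
# in it; an empty allowlist "()" means no origin may use the feature.
# `always` also sends the header on error responses, which add_header skips by
# default.
add_header Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()" always;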
# HSTS with a max-age of roughly 6 months (16000000 s is about 185 days)
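# Tell browsers to use HTTPS only for this host for the next 16000000 seconds.
# Browsers ignore this header when it arrives over plain HTTP, so it only takes
# effect from a TLS-enabled server block.
# NOTE(review): confirm where this file is included.
# `always` also sends the header on error responses, which add_header skips by
# default.
# NOTE(review): includeSubDomains is not set, so subdomains are not covered;
# confirm whether that is intended before adding it.
add_header Strict-Transport-Security "max-age=16000000" always;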