-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathsecurity-headers.conf
More file actions
16 lines (14 loc) · 1.01 KB
/
Copy pathsecurity-headers.conf
File metadata and controls
16 lines (14 loc) · 1.01 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
# Security headers snippet, installed at /etc/nginx/snippets/security-headers.conf
# by the Dockerfile. `include`d from every location in satofinder.conf so the
# headers are uniform across every response.
# frame-ancestors via meta-tag CSP is ignored by browsers — it must be a real
# response header. Combined with X-Frame-Options for older clients.
add_header Content-Security-Policy "frame-ancestors 'none'" always;
add_header X-Frame-Options "DENY" always;
# Strong defaults for the remaining browser-side controls.
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer" always;
add_header Permissions-Policy "clipboard-write=(self), interest-cohort=(), camera=(), microphone=(), geolocation=(), payment=(), usb=(), bluetooth=(), accelerometer=(), gyroscope=(), magnetometer=()" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header Cross-Origin-Opener-Policy "same-origin" always;
add_header Cross-Origin-Resource-Policy "same-origin" always;