new security headers, recommended by ZAP scan #29

2021-04-05 18:21:55 +02:00 · 2021-04-05 18:21:55 +02:00 · 7b367cad23
commit 7b367cad23
parent a86fc49145
1 changed files with 8 additions and 0 deletions
--- a/etc/nginx/http.d/site.conf
+++ b/etc/nginx/http.d/site.conf
@ -5,6 +5,14 @@ server {
    root /var/www;
    index index.php index.html index.htm;

+    add_header Cross-Origin-Embedder-Policy require-corp;
+    add_header Cross-Origin-Resource-Policy same-origin;
+    add_header Cross-Origin-Opener-Policy same-origin;
+    add_header Referrer-Policy no-referrer;
+    add_header X-Content-Type-Options nosniff;
+    add_header X-Frame-Options deny;
+    add_header X-XSS-Protection "1; mode=block";
+
    location / {
        include /etc/nginx/location.d/*.conf;
        try_files $uri $uri/ /index.php$is_args$args;