cfg/nginx/include/header-security.conf

# Inferencium - xa000-1
# Nginx - Configuration - Include - Header - Security
# Version: 0.1.0

# Copyright 2024 Jake Winters
# SPDX-License-Identifier: BSD-3-Clause


ssl_protocols					TLSv1.3;
ssl_early_data					off;
ssl_ciphers						"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256";
ssl_conf_command				Ciphersuites "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256";
ssl_conf_command				Options PrioritizeChaCha;
ssl_prefer_server_ciphers		on;
ssl_ecdh_curve					x25519:secp256r1;
ssl_stapling					on;
ssl_stapling_verify				on;
ssl_session_timeout				1d;
ssl_session_cache				shared:MozSSL:10m;
ssl_session_cache				shared:ssl_session_cache:10m;
ssl_session_tickets				off;
add_header						Referrer-Policy no-referrer;
add_header						Strict-Transport-Security "max-age=126200000; includeSubDomains; preload";
add_header						X-Content-Type-Options nosniff;
add_header						X-Frame-Options "DENY";
add_header						Set-Cookie "Path=/;Secure;HttpOnly";
ignore_invalid_headers			on;
Add configuration file "Nginx - Include - Header - Security" This configuration file allows server configuration files to use the contained security headers without duplicating them across all server configuration files. CSP headers are not included due to how problematic they can be for some webpages. They will be included in their own configuration file for modularity. 2024-04-07 20:04:13 +00:00			`# Inferencium - xa000-1`
			`# Nginx - Configuration - Include - Header - Security`
			`# Version: 0.1.0`

			`# Copyright 2024 Jake Winters`
			`# SPDX-License-Identifier: BSD-3-Clause`


			`ssl_protocols TLSv1.3;`
			`ssl_early_data off;`
			`ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256";`
			`ssl_conf_command Ciphersuites "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256";`
			`ssl_conf_command Options PrioritizeChaCha;`
			`ssl_prefer_server_ciphers on;`
			`ssl_ecdh_curve x25519:secp256r1;`
			`ssl_stapling on;`
			`ssl_stapling_verify on;`
			`ssl_session_timeout 1d;`
			`ssl_session_cache shared:MozSSL:10m;`
			`ssl_session_cache shared:ssl_session_cache:10m;`
			`ssl_session_tickets off;`
			`add_header Referrer-Policy no-referrer;`
			`add_header Strict-Transport-Security "max-age=126200000; includeSubDomains; preload";`
			`add_header X-Content-Type-Options nosniff;`
			`add_header X-Frame-Options "DENY";`
			`add_header Set-Cookie "Path=/;Secure;HttpOnly";`
			`ignore_invalid_headers on;`