cfg/xb-00-01/nginx/include/header-security.conf

		add_header Strict-Transport-Security	"max-age=126200000; includeSubDomains; preload";
		add_header X-Frame-Options				"DENY";
		add_header X-Content-Type-Options		nosniff;
		add_header Content-Security-Policy		"default-src 'self'; img-src 'self'; media-src 'self'; object-src 'none'; script-src 'none'; connect-src 'none'; frame-src 'none'; style-src 'self'; font-src 'self'";
		add_header Referrer-Policy				no-referrer;
feat(nginx): add security headers to file for include-based headers 2025-06-28 21:07:04 +00:00			`add_header Strict-Transport-Security "max-age=126200000; includeSubDomains; preload";`
			`add_header X-Frame-Options "DENY";`
			`add_header X-Content-Type-Options nosniff;`
			`add_header Content-Security-Policy "default-src 'self'; img-src 'self'; media-src 'self'; object-src 'none'; script-src 'none'; connect-src 'none'; frame-src 'none'; style-src 'self'; font-src 'self'";`
			`add_header Referrer-Policy no-referrer;`