add(nginx): security headers for Nginx configuration files

2025-06-29 02:14:32 +00:00 · 2025-06-29 02:14:32 +00:00 · 6ca940f09b
commit 6ca940f09b
parent 1a694345b8
1 changed files with 14 additions and 0 deletions
--- a/xb-00-01/nginx/include/header-security.conf
+++ b/xb-00-01/nginx/include/header-security.conf
@ -0,0 +1,14 @@
+# Inferencium - xb-00-01
+# Nginx - Header - Security
+# Version: 1.0.0
+
+# Copyright 2025 Jake Winters
+# SPDX-License-Identifier: BSD-3-Clause
+
+
+add_header Strict-Transport-Security	"max-age=126200000; includeSubDomains; preload";
+add_header X-Frame-Options				"DENY";
+add_header X-Content-Type-Options		nosniff;
+add_header Content-Security-Policy		"default-src 'self'; img-src 'self'; media-src 'self'; object-src 'none'; script-src 'none'; connect-src 'none'; frame-src 'none'; style-src 'self'; font-src 'self'";
+add_header Referrer-Policy				no-referrer;
+