feat(nginx): add security headers to file for include-based headers

2025-06-28 21:07:04 +00:00 · 2025-06-28 21:07:04 +00:00 · d9923a82f6
commit d9923a82f6
parent 5b536fe275
1 changed files with 6 additions and 0 deletions
--- a/xb-00-01/nginx/include/header-security.conf
+++ b/xb-00-01/nginx/include/header-security.conf
@ -0,0 +1,6 @@
+		add_header Strict-Transport-Security	"max-age=126200000; includeSubDomains; preload";
+		add_header X-Frame-Options				"DENY";
+		add_header X-Content-Type-Options		nosniff;
+		add_header Content-Security-Policy		"default-src 'self'; img-src 'self'; media-src 'self'; object-src 'none'; script-src 'none'; connect-src 'none'; frame-src 'none'; style-src 'self'; font-src 'self'";
+		add_header Referrer-Policy				no-referrer;
+