Kenneth Lee kennethklee

## nginx.conf
#don't send the nginx version number in error pages and Server header
server_tokens off;

# config to enable HSTS(HTTP Strict Transport Security) https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security
# to avoid ssl stripping https://en.wikipedia.org/wiki/SSL_stripping#SSL_stripping
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";

# config to don't allow the browser to render the page inside an frame or iframe
# and avoid clickjacking http://en.wikipedia.org/wiki/Clickjacking
# if you need to allow [i]frames, you can use SAMEORIGIN or even set an uri with ALLOW-FROM uri
	#don't send the nginx version number in error pages and Server header
	server_tokens off;

	# config to enable HSTS(HTTP Strict Transport Security) https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security
	# to avoid ssl stripping https://en.wikipedia.org/wiki/SSL_stripping#SSL_stripping
	add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";

	# config to don't allow the browser to render the page inside an frame or iframe
	# and avoid clickjacking http://en.wikipedia.org/wiki/Clickjacking
	# if you need to allow [i]frames, you can use SAMEORIGIN or even set an uri with ALLOW-FROM uri