Skip to content

Instantly share code, notes, and snippets.

@rayriffy

rayriffy/_security.conf

Created May 7, 2018 11:53
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save rayriffy/b3b96643b5564d077ef956e1f080cfce to your computer and use it in GitHub Desktop.
Save rayriffy/b3b96643b5564d077ef956e1f080cfce to your computer and use it in GitHub Desktop.
Download ZIP
Security headers for NGINX server blocks
Raw
_security.conf
# STRICT ORIGIN WHEN CROSS ORIGIN
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment