commit e3255ed9f9b1d7bc0d9c9f82804136e232a15266 parent 280733bd93af564f84c3bb7bc045d00a5af25588 Author: root <root@taler.net> Date: Sat, 27 Aug 2016 12:18:39 +0200 set headers to improve security Diffstat:
| M | etc/nginx/conf.d/talerssl | | | 4 | ++++ |
1 file changed, 4 insertions(+), 0 deletions(-)
diff --git a/etc/nginx/conf.d/talerssl b/etc/nginx/conf.d/talerssl @@ -7,3 +7,7 @@ ssl_protocols TLSv1.2 TLSv1.1 TLSv1; ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; +add_header X-XSS-Protection "1; mode=block" +add_header X-Frame-Options "SAMEORIGN" +add_header X-Content-Type-Options "nosniff" +add_header Content-Security-Policy "default-src 'self'"