Move Security Header to https server
This commit is contained in:
parent
cc7f4e8116
commit
e14c29dfea
1 changed files with 4 additions and 5 deletions
|
@ -18,11 +18,6 @@ http {
|
|||
server www;
|
||||
}
|
||||
|
||||
add_header X-Content-Type-Options "nosniff";
|
||||
add_header X-Frame-Options "DENY";
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
add_header Content-Security-Policy "default-src 'self'; script-src https://code.jquery.com https://cdn.jsdelivr.net https://www.google-analytics.com https://www.googletagmanager.com 'self'; style-src https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com 'self'; font-src https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; object-src 'none'";
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
server_name sophia.events;
|
||||
|
@ -40,6 +35,10 @@ http {
|
|||
ssl_session_cache shared:SSL:20m;
|
||||
ssl_session_timeout 4h;
|
||||
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-Frame-Options DENY;
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
add_header Content-Security-Policy "default-src 'self'; script-src https://code.jquery.com https://cdn.jsdelivr.net https://www.google-analytics.com https://www.googletagmanager.com 'self'; style-src https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com 'self'; font-src https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; object-src 'none'";
|
||||
|
||||
location / {
|
||||
proxy_set_header Host $host;
|
||||
|
|
Loading…
Reference in a new issue