Move Security Header to https server
This commit is contained in:
parent
cc7f4e8116
commit
e14c29dfea
1 changed files with 4 additions and 5 deletions
|
@ -18,11 +18,6 @@ http {
|
||||||
server www;
|
server www;
|
||||||
}
|
}
|
||||||
|
|
||||||
add_header X-Content-Type-Options "nosniff";
|
|
||||||
add_header X-Frame-Options "DENY";
|
|
||||||
add_header X-XSS-Protection "1; mode=block";
|
|
||||||
add_header Content-Security-Policy "default-src 'self'; script-src https://code.jquery.com https://cdn.jsdelivr.net https://www.google-analytics.com https://www.googletagmanager.com 'self'; style-src https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com 'self'; font-src https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; object-src 'none'";
|
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 80;
|
listen 80;
|
||||||
server_name sophia.events;
|
server_name sophia.events;
|
||||||
|
@ -40,6 +35,10 @@ http {
|
||||||
ssl_session_cache shared:SSL:20m;
|
ssl_session_cache shared:SSL:20m;
|
||||||
ssl_session_timeout 4h;
|
ssl_session_timeout 4h;
|
||||||
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
|
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
|
||||||
|
add_header X-Content-Type-Options nosniff;
|
||||||
|
add_header X-Frame-Options DENY;
|
||||||
|
add_header X-XSS-Protection "1; mode=block";
|
||||||
|
add_header Content-Security-Policy "default-src 'self'; script-src https://code.jquery.com https://cdn.jsdelivr.net https://www.google-analytics.com https://www.googletagmanager.com 'self'; style-src https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com 'self'; font-src https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; object-src 'none'";
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
|
|
Loading…
Reference in a new issue