install.fairie/home/dot_local/etc/nginx/snippets/security.conf

17 lines
792 B
Text
Raw Normal View History

2023-07-08 23:49:14 -07:00
location ~* /\.(?!well-known\/) {
deny all;
}
location ~* (?:\.(?:bak|conf|dist|fla|in[ci]|log|psd|sh|sql|sw[op])|~)$ {
deny all;
}
add_header Cache-Control "no-transform";
add_header Content-Security_policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
# https://github.com/h5bp/server-configs-nginx/blob/master/h5bp/directive-only/extra-security.conf
# add_header Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' https://www.google-analytics.com;" always;