# Hidden files and directories: any URI with a path segment that starts with a
# dot (.git, .env, .htaccess, ...) is refused with 403. The negative lookahead
# leaves /.well-known/ reachable. ~* makes the match case-insensitive.
# nginx tries regex locations in file order and stops at the first match, so
# keep this block above any other regex location that could match the same URI.
location ~* /\.(?!well-known\/) {
    deny all;
}
# Leftover and sensitive file types: refuse (403) any URI that ends in one of
# the listed extensions (.bak, .conf, .dist, .fla, .inc, .ini, .log, .psd,
# .sh, .sql, .swo, .swp) or in "~", the suffix editors give backup copies.
# The match is case-insensitive and anchored to the end of the URI.
# These files can expose source code, credentials or database dumps if they
# are left inside the web root.
location ~* (?:\.(?:bak|conf|dist|fla|in[ci]|log|psd|sh|sql|sw[op])|~)$ {
    deny all;
}
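# Response headers.
# NOTE: add_header directives are inherited from this level only by blocks
# that declare no add_header of their own. A location that adds even one
# header must repeat every header below, or it silently loses them.

# Forbid proxies and other intermediaries from transforming the response body.
# Without "always" this is sent only for the status codes add_header covers by
# default, not for error responses.
add_header Cache-Control "no-transform";

# The header name was "Content-Security_policy" (underscore), which browsers
# do not recognise, so no policy was being enforced at all.
# NOTE(review): this value still permits any http:/https: origin and inline
# script/style, so it offers little protection against injected content.
# Tighten it once the site's real sources are known; the commented-out policy
# further down in this file is a stricter starting point.
add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;

# Send the full referrer except on an HTTPS -> HTTP downgrade. Full URLs,
# including query strings, are still sent to third-party HTTPS origins.
add_header Referrer-Policy "no-referrer-when-downgrade" always;

# Stop browsers from MIME-sniffing a response away from its declared type.
add_header X-Content-Type-Options "nosniff" always;

# Allow framing by same-origin pages only (clickjacking mitigation).
add_header X-Frame-Options "SAMEORIGIN" always;

# Legacy XSS-filter header. Current browsers have removed the filter it
# controls, so do not rely on it; the CSP above is the effective control.
add_header X-XSS-Protection "1; mode=block" always;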
# https://github.com/h5bp/server-configs-nginx/blob/master/h5bp/directive-only/extra-security.conf
# add_header Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' https://www.google-analytics.com;" always;