
Add security headers to nginx configuration

Signed-off-by: Dušan Mitrović <dusan@dusanmitrovic.xyz>
master
Dušan Mitrović 1 month ago
parent
commit
8423873517
Signed by: dusan GPG Key ID: 8ADCE8E1BC42EB06
1 changed files with 8 additions and 0 deletions
  1. +8
    -0
      nginx.conf

+ 8
- 0
nginx.conf

@@ -17,6 +17,14 @@ server {
ssl_trusted_certificate /path/to/fullchain.pem;
ssl_session_timeout 5m;

# Security headers
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Frame-Options DENY always;
add_header X-Content-Type-Options nosniff always;
add_header Content-Security-Policy "default-src 'self';";
add_header Referrer-Policy "no-referrer";
add_header Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()";

root /var/www/express-starter;

location /static/ {
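Review bot: The Content-Security-Policy, Referrer-Policy and Permissions-Policy lines omit the `always` parameter that the three headers above them carry, so nginx will not attach them to error responses (4xx/5xx) and error pages are served without the CSP. For consistency each should end in `always;`, for example `add_header Content-Security-Policy "default-src 'self';" always;`. Separately, nginx inherits `add_header` from the server level only when a location defines none of its own; the body of `location /static/` lies outside this hunk, so if it (or any other location) sets a header such as Cache-Control, all of these security headers are silently dropped for those responses and would have to be repeated there or pulled in through a shared include. A comment above the block such as `# add_header is not inherited by a location that declares its own add_header` would make that constraint visible to the next editor.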

