homepage/docker/server/headers.include

# Enable HTTP Strict Transport Security (HSTS) to force clients to
# always connect via HTTPS (do not use if only testing)
add_header Strict-Transport-Security "max-age=31536000;" always;
# Enable cross-site filter (XSS) and tell browser to block detected
# attacks
add_header X-XSS-Protection "1; mode=block" always;
# Prevent some browsers from MIME-sniffing a response away from the
# declared Content-Type
add_header X-Content-Type-Options "nosniff" always;
# Disallow the site to be rendered within a frame (clickjacking
# protection)
add_header X-Frame-Options "DENY" always;

# Surrogate Control sets CDN caching behavior.
add_header Surrogate-Control "public, max-age=86400";
add_header Cache-Control "public, max-age=120";
Add some headers like HSTS. 2023-07-10 06:17:10 +00:00			`# Enable HTTP Strict Transport Security (HSTS) to force clients to`
			`# always connect via HTTPS (do not use if only testing)`
			`add_header Strict-Transport-Security "max-age=31536000;" always;`
			`# Enable cross-site filter (XSS) and tell browser to block detected`
			`# attacks`
			`add_header X-XSS-Protection "1; mode=block" always;`
			`# Prevent some browsers from MIME-sniffing a response away from the`
			`# declared Content-Type`
			`add_header X-Content-Type-Options "nosniff" always;`
			`# Disallow the site to be rendered within a frame (clickjacking`
			`# protection)`
			`add_header X-Frame-Options "DENY" always;`
Add cache control headers. 2023-07-11 05:01:25 +00:00
			`# Surrogate Control sets CDN caching behavior.`
			`add_header Surrogate-Control "public, max-age=86400";`
			`add_header Cache-Control "public, max-age=120";`