16 lines
675 B
Plaintext
16 lines
675 B
Plaintext
# Enable HTTP Strict Transport Security (HSTS) to force clients to
|
|
# always connect via HTTPS (do not use if only testing)
|
|
add_header Strict-Transport-Security "max-age=31536000;" always;
|
|
# Enable cross-site filter (XSS) and tell browser to block detected
|
|
# attacks
|
|
add_header X-XSS-Protection "1; mode=block" always;
|
|
# Prevent some browsers from MIME-sniffing a response away from the
|
|
# declared Content-Type
|
|
add_header X-Content-Type-Options "nosniff" always;
|
|
# Disallow the site to be rendered within a frame (clickjacking
|
|
# protection)
|
|
add_header X-Frame-Options "DENY" always;
|
|
|
|
# Indicate that we are serving http3 on port 443
|
|
add_header Alt-Svc 'h3=":443"; ma=864000';
|