Diffstat (limited to 'roles/common-web/files')
-rw-r--r-- | roles/common-web/files/etc/nginx/sites-available/default | 1 | ||||
-rw-r--r-- | roles/common-web/files/etc/nginx/snippets/headers.conf | 4 |
2 files changed, 5 insertions, 0 deletions
diff --git a/roles/common-web/files/etc/nginx/sites-available/default b/roles/common-web/files/etc/nginx/sites-available/default
index 6df1615..6cbea18 100644
--- a/roles/common-web/files/etc/nginx/sites-available/default
+++ b/roles/common-web/files/etc/nginx/sites-available/default
@@ -1,11 +1,12 @@
 server {
 listen 80 default_server;
 listen [::]:80 default_server;
 access_log /var/log/nginx/access.log;
 error_log /var/log/nginx/error.log info;
 # serve ACME challenges on all virtual hosts
 # /!\ need to be served individually for each explicit virtual host as well!
 include snippets/acme-challenge.conf;
+ include snippets/headers.conf;
 }
diff --git a/roles/common-web/files/etc/nginx/snippets/headers.conf b/roles/common-web/files/etc/nginx/snippets/headers.conf
new file mode 100644
index 0000000..60e5ace
--- /dev/null
+++ b/roles/common-web/files/etc/nginx/snippets/headers.conf
@@ -0,0 +1,4 @@
+# https://securityheaders.io/
+add_header X-Frame-Options "SAMEORIGIN";
+add_header X-Content-Type-Options nosniff;
+add_header X-XSS-Protection "1; mode=block"; |
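Review bot: The new `include snippets/headers.conf;` in the port-80 `default_server` block only covers requests that fall through to that catch-all server, and the line carries no comment saying so. The ACME include just above it already warns that it must be repeated in every explicit virtual host, and the same holds here, because an include inside one `server` block is not inherited by the others. I would put a matching comment above the new line, for example `# security headers; /!\ must be included in each explicit virtual host as well!`. Whether the TLS virtual hosts already include the snippet cannot be seen from this diff.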
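Review bot: The three `add_header` lines in the new `headers.conf` omit the `always` parameter, so nginx attaches them only to a fixed set of success and redirect status codes, and error responses such as 404 or 500 go out without them. Adding it closes that gap: `add_header X-Frame-Options "SAMEORIGIN" always;`, `add_header X-Content-Type-Options nosniff always;`, `add_header X-XSS-Protection "1; mode=block" always;`. The file should also carry a comment that `add_header` is inherited from the enclosing level only when the current level defines no `add_header` of its own. Any `location` that sets its own header therefore drops all three unless it includes this snippet again.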