From 54261953e711e67e4ee28f788ea35bcab0e86654 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Wed, 30 Mar 2016 21:45:43 +0300 Subject: Set HTTP security headers. See https://securityheaders.io . --- roles/common-web/files/etc/nginx/snippets/headers.conf | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 roles/common-web/files/etc/nginx/snippets/headers.conf (limited to 'roles/common-web/files/etc/nginx/snippets') diff --git a/roles/common-web/files/etc/nginx/snippets/headers.conf b/roles/common-web/files/etc/nginx/snippets/headers.conf new file mode 100644 index 0000000..60e5ace --- /dev/null +++ b/roles/common-web/files/etc/nginx/snippets/headers.conf @@ -0,0 +1,4 @@ +# https://securityheaders.io/ +add_header X-Frame-Options "SAMEORIGIN"; +add_header X-Content-Type-Options nosniff; +add_header X-XSS-Protection "1; mode=block"; -- cgit v1.2.3