|
@@ -33,7 +33,7 @@ http {
|
33
|
33
|
server_tokens off;
|
34
|
34
|
|
35
|
35
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
|
36
|
|
- add_header Content-Security-Policy "require-sri-for script; default-src 'none'; script-src 'self' 'sha384-m2EXauJIeXunnu9rWV0uaFjwoSeSA+jEbAKdI5sQaGiiiOwht/hOVB/8lq2JI8Bd'; img-src 'self' https://photos.chameth.com https://a.c5h.io; style-src 'self'; font-src 'self'; frame-ancestors 'none'; form-action 'none'; base-uri 'none';";
|
|
36
|
+ add_header Content-Security-Policy "require-sri-for script; default-src 'none'; script-src 'self' 'sha384-m2EXauJIeXunnu9rWV0uaFjwoSeSA+jEbAKdI5sQaGiiiOwht/hOVB/8lq2JI8Bd'; img-src 'self' https://photos.chameth.com https://a.c5h.io; style-src 'self'; font-src 'self'; frame-ancestors 'none'; frame-src https://contact.chameth.com; form-action 'none'; base-uri 'none';";
|
37
|
37
|
add_header X-Frame-Options "SAMEORIGIN";
|
38
|
38
|
add_header X-Content-Type-Options "nosniff";
|
39
|
39
|
add_header X-XSS-Protection "1; mode=block";
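Review bot: The `frame-src https://contact.chameth.com` added to the policy on new line 36 only lets this site's pages load that origin in a frame; the framed response must also permit being embedded, and that side is not visible in this hunk. Because these `add_header` lines sit in `http {`, every server block without its own `add_header` inherits `frame-ancestors 'none'` and `X-Frame-Options "SAMEORIGIN"`, so if contact.chameth.com is served by this same nginx (not shown, so this is an assumption) the browser would refuse to render the frame. In that case the contact server block needs its own policy with `frame-ancestors <EMBEDDING_SITE_ORIGIN>;` (placeholder) in place of `'none'`, limited to that one origin rather than relaxed in the shared `http`-level header. Declaring any `add_header` in that block drops all the inherited ones, so HSTS, `X-Content-Type-Options` and the others have to be repeated there. The `http` block continues outside this hunk.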
|