|
@@ -1,7 +1,7 @@
|
1
|
1
|
server_tokens off;
|
2
|
2
|
|
3
|
3
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
|
4
|
|
-add_header Content-Security-Policy "require-sri-for script; default-src 'none'; script-src 'self' 'sha384-m2EXauJIeXunnu9rWV0uaFjwoSeSA+jEbAKdI5sQaGiiiOwht/hOVB/8lq2JI8Bd'; img-src 'self' https://photos.chameth.com https://a.c5h.io; style-src 'self'; font-src 'self'; frame-ancestors: 'none'; form-action: 'none'; base-uri: 'none';";
|
|
4
|
+add_header Content-Security-Policy "require-sri-for script; default-src 'none'; script-src 'self' 'sha384-m2EXauJIeXunnu9rWV0uaFjwoSeSA+jEbAKdI5sQaGiiiOwht/hOVB/8lq2JI8Bd'; img-src 'self' https://photos.chameth.com https://a.c5h.io; style-src 'self'; font-src 'self'; frame-ancestors 'none'; form-action 'none'; base-uri 'none';";
|
5
|
5
|
add_header X-Frame-Options "SAMEORIGIN";
|
6
|
6
|
add_header X-Content-Type-Options "nosniff";
|
7
|
7
|
add_header X-XSS-Protection "1; mode=block";
|
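Review bot: With the colons removed on the added Content-Security-Policy line, `frame-ancestors 'none'`, `form-action 'none'` and `base-uri 'none'` are now parsed as real directives, probably for the first time, and `frame-ancestors 'none'` disagrees with the `X-Frame-Options "SAMEORIGIN"` context line just below it. Browsers that implement CSP generally let frame-ancestors take precedence over X-Frame-Options, so newer clients would refuse all framing while older ones still allow same-origin framing; changing the legacy header to `add_header X-Frame-Options "DENY";` keeps the two in step. The CSP header also lacks the `always` flag that the Strict-Transport-Security line carries, so nginx will not attach it to error responses such as 404 or 500 pages; ending the line with `base-uri 'none';" always;` would cover those. Because `form-action 'none'` takes effect as well, it is worth confirming that no page on the site needs to submit a form.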