1234567891011121314151617 |
- # General security-related directives.
-
- # Don't offer up information about the version of Nginx we use
- server_tokens off;
-
- # Don't allow other websites to present our content in a frame/iframe.
- # This mitigates clickjacking attacks.
- add_header X-Frame-Options "SAMEORIGIN";
-
- # Don't allow browsers to try and sniff content types. This prevents
- # malicious user-generated content being misinterpreted.
- add_header X-Content-Type-Options "nosniff";
-
- # Enable XSS protection, if browsers don't already have it enabled
- # by default.
- add_header X-XSS-Protection "1; mode=block";
|