Security headers™

This commit is contained in:
Bandie 2020-04-26 17:35:24 +02:00
parent 52545a460b
commit 103af8b4bb
Signed by: Bandie
GPG Key ID: 843D7FA93BA46312

View File

@ -1,4 +1,9 @@
server_tokens off;
add_header Last-Modified '27 Feb 1984 13:37 GMT' always;
add_header X-Powered-By 'tux' always;
add_header Access-Control-Allow-Origin 'https://cloud.chaospott.ru';
add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval' https://cloud.chaospott.ru https://status.chaospott.de https://www.openstreetmap.org";
add_header X-XSS-Protection "1; mode=block";
add_header Referrer-Policy "no-referrer";
add_header Feature-Policy "microphone 'none'; payment 'none'; sync-xhr 'self' https://chaospott.de/";
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options "nosniff";