From 103af8b4bb1f53636f34deb05762a5eafd70ef10 Mon Sep 17 00:00:00 2001
From: Bandie <bandie@chaospott.de>
Date: Sun, 26 Apr 2020 17:35:24 +0200
Subject: [PATCH] =?UTF-8?q?Security=20headers=E2=84=A2?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 nginx/conf.d/headers.conf | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/nginx/conf.d/headers.conf b/nginx/conf.d/headers.conf
index 71865ea..76e9436 100644
--- a/nginx/conf.d/headers.conf
+++ b/nginx/conf.d/headers.conf
@@ -1,4 +1,9 @@
 server_tokens off;
 add_header Last-Modified '27 Feb 1984 13:37 GMT' always;
 add_header X-Powered-By 'tux' always;
-add_header Access-Control-Allow-Origin 'https://cloud.chaospott.ru';
+add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval' https://cloud.chaospott.ru https://status.chaospott.de https://www.openstreetmap.org";
+add_header X-XSS-Protection "1; mode=block";
+add_header Referrer-Policy "no-referrer";
+add_header Feature-Policy "microphone 'none'; payment 'none'; sync-xhr 'self' https://chaospott.de/";
+add_header X-Frame-Options "SAMEORIGIN";
+add_header X-Content-Type-Options "nosniff";
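Review bot: The six added `add_header` lines omit the `always` parameter that the two existing headers above them carry, so nginx emits them only for its fixed set of success and redirect status codes, and error responses (404, 500, ...) go out without the CSP, `X-Frame-Options` or `nosniff`; append it to each, e.g. `add_header X-Content-Type-Options "nosniff" always;`. The CSP's `default-src` also allows both `'unsafe-inline'` and `'unsafe-eval'`, which removes most of the policy's protection against injected script. If the site really needs them, a separate `script-src` that is as narrow as possible, plus a comment naming what depends on them, would make the trade-off visible. Since nginx stops inheriting `add_header` directives in any `server` or `location` block that declares its own, it is worth confirming that no vhost including this file silently drops these headers.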