Added headers for a more secure default.

author Artik Banana <lid@tuta.io>

Sun, 6 May 2018 14:19:29 +0000 (14:19 +0000)

committer Artik Banana <lid@tuta.io>

Sun, 6 May 2018 14:19:29 +0000 (14:19 +0000)
author Artik Banana <lid@tuta.io>
Sun, 6 May 2018 14:19:29 +0000 (14:19 +0000)
committer Artik Banana <lid@tuta.io>
Sun, 6 May 2018 14:19:29 +0000 (14:19 +0000)
diff --git a/installation/pleroma.nginx b/installation/pleroma.nginx

index 895799a8edc81750d39aa40822c78c05c05448f0..44905da4961fd8d89ef564d655a673cfc94e8198 100644 (file)
--- a/installation/pleroma.nginx
+++ b/installation/pleroma.nginx
@@ -59,6 +59,16 @@ server {
          }
          # stop removing lines here.
  
+        add_header X-XSS-Protection "1; mode=block";
+        add_header X-Permitted-Cross-Domain-Policies none;
+        add_header X-Frame-Options DENY;
+        add_header X-Content-Type-Options nosniff;
+        add_header Referrer-Policy same-origin;
+        add_header X-Download-Options noopen;
+        
+        # Uncomment this only after you get HTTPS working.
+        # add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
+
          proxy_http_version 1.1;
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection "upgrade";
author	Artik Banana <lid@tuta.io>
	Sun, 6 May 2018 14:19:29 +0000 (14:19 +0000)
committer	Artik Banana <lid@tuta.io>
	Sun, 6 May 2018 14:19:29 +0000 (14:19 +0000)