Create hsts.conf

This commit is contained in:
VirtuBox 2018-01-15 18:51:21 +01:00 committed by GitHub
parent 562cc5e8c3
commit 91812b185a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 0 deletions

View File

@ -0,0 +1,8 @@
# Warning : this line enable HSTS for your domain and all subdomains (ngx_http_headers_module is required) (31536000 seconds = 12 months)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
# Extra security headers
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Referrer-Policy "strict-origin-when-cross-origin";