Update headers.conf

4 years ago · dd9577fafc
parent 1dda493344
commit dd9577fafc
1 changed files with 3 additions and 1 deletions
--- a/nginx/snippets/headers.conf
+++ b/nginx/snippets/headers.conf
@ -1,4 +1,6 @@
 add_header X-XSS-Protection "1; mode=block";
-add_header Referrer-Policy "no-referrer";  
+add_header Referrer-Policy "no-referrer"; 
+add_header X-Content-Type-Options nosniff;
+add_header X-Frame-Options "DENY";
 add_header Content-Security-Policy "upgrade-insecure-requests; default-src 'none' *.example.com; script-src 'none'; style-src 'self' https: 'unsafe-inline'; img-src *; object-src 'none';frame-ancestors 'self' *.example.com";
 add_header Feature-Policy "accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; camera 'none'; encrypted-media 'none'; fullscreen 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; sync-xhr 'self' https://haveibeenpwned.com https://twofactorauth.org; usb 'none'; vr 'none'";