http header warning
Warning text for some HTTP headers.
This commit is contained in:
parent
d97a3da0b5
commit
628718159f
|
@ -1,3 +1,6 @@
|
|||
add_header Cache-Control "public, no-cache";
|
||||
add_header Referrer-Policy "unsafe-url";
|
||||
|
||||
# The new Content-Security-Policy HTTP response header helps you reduce XSS risks on modern browsers by declaring what dynamic resources are allowed to load via a HTTP Header.
|
||||
# https://content-security-policy.com/
|
||||
#add_header Content-Security-Policy " ";
|
||||
|
|
|
@ -1,2 +1,5 @@
|
|||
# Be aware that inclusion in the preload list cannot easily be undone.
|
||||
# Don't request inclusion unless you're sure that you can support HTTPS for your entire site and all its subdomains the long term.
|
||||
# https://hstspreload.org/
|
||||
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
|
||||
add_header Strict-Transport-Security "max-age=31536000";
|
||||
|
|
Loading…
Reference in a new issue