beenull/webinoly
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

http header warning

Browse source 
Warning text for some HTTP headers.
This commit is contained in:
Cristhian Martínez Ochoa 2017-12-18 21:44:07 -06:00
parent d97a3da0b5
commit 628718159f
2 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
templates/nginx/common/headers-html.conf
View file

@ -1,3 +1,6 @@
add_header Cache-Control "public, no-cache";
add_header Referrer-Policy "unsafe-url";
# The new Content-Security-Policy HTTP response header helps you reduce XSS risks on modern browsers by declaring what dynamic resources are allowed to load via a HTTP Header.
# https://content-security-policy.com/
#add_header Content-Security-Policy " ";

3
templates/nginx/common/headers-https.conf
View file

@ -1,2 +1,5 @@
# Be aware that inclusion in the preload list cannot easily be undone.
# Don't request inclusion unless you're sure that you can support HTTPS for your entire site and all its subdomains the long term.
# https://hstspreload.org/
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
add_header Strict-Transport-Security "max-age=31536000";