mirror of
https://github.com/cheveguerra/Whaticket.git
synced 2026-04-17 19:26:18 +00:00
16 lines
575 B
Plaintext
16 lines
575 B
Plaintext
# X-Frame-Options is to prevent from clickJacking attack
|
|
add_header X-Frame-Options SAMEORIGIN;
|
|
|
|
# disable content-type sniffing on some browsers.
|
|
add_header X-Content-Type-Options nosniff;
|
|
|
|
# This header enables the Cross-site scripting (XSS) filter
|
|
add_header X-XSS-Protection "1; mode=block";
|
|
|
|
# This will enforce HTTP browsing into HTTPS and avoid ssl stripping attack
|
|
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
|
|
|
|
add_header Referrer-Policy "no-referrer-when-downgrade";
|
|
|
|
# Enables response header of "Vary: Accept-Encoding"
|
|
gzip_vary on; |