nginx and old security headers

Nginx   

  # security headers

    add_header Permissions-Policy "interest-cohort=()" always;

add_header X-Frame-Options SAMEORIGIN;

    add_header X-Content-Type-Options nosniff;

    add_header Referrer-Policy no-referrer-when-downgrade;

    add_header X-XSS-Protection "0; mode=block";

    add_header Expect-CT "max-age=63072000, enforce";

    add_header X-Permitted-Cross-Domain-Policies master-only;

    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";

    add_header Content-Security-Policy "upgrade-insecure-requests";

ols

Strict-Transport-Security: max-age=31536000; includeSubDomains

Content-Security-Policy "upgrade-insecure-requests";

X-Content-Type-Options "nosniff" always

X-Frame-Options: SAMEORIGIN

Referrer-Policy: no-referrer-when-downgrade

Permissions-Policy "interest-cohort=()" always;


Grade A+ https://www.vevioz.com

Post a Comment

أحدث أقدم