Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # security headers
- add_header X-Frame-Options "SAMEORIGIN" always;
- add_header X-XSS-Protection "1; mode=block" always;
- add_header X-Content-Type-Options "nosniff" always;
- add_header Referrer-Policy "no-referrer-when-downgrade" always;
- add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
- add_header X-Frame-Options DENY;
- add_header X-Content-Type-Options nosniff;
- add_header 'Access-Control-Allow-Origin' '*';
- add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
- add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
- add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
- # . files
- location ~ /\.(?!well-known) {
- deny all;
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement