noah/Nginx_Confs
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Updating conf to include secure cookies and XFO via CSP frame-ancestors

Browse Source
This commit is contained in:
Noah L. Schrick 2022-06-27 11:03:41 -05:00
parent a6547f9136
commit 10d6802196
2 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
element/element.theschricks.com.conf
View File

@ -28,6 +28,10 @@ server {
add_header X-Frame-Options "SAMEORIGIN"; add_header X-Frame-Options "SAMEORIGIN";
add_header Referrer-Policy "strict-origin"; add_header Referrer-Policy "strict-origin";
add_header Permissions-Policy "geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()"; add_header Permissions-Policy "geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()";
add_header Set-Cookie "Path=/; HttpOnly; Secure";
# CSP
add_header Content-Security-Policy "frame-ancestors 'self'";
# OCSP stapling # OCSP stapling
ssl_stapling on; ssl_stapling on;

BIN
element/scoring/Mozilla_Observatory.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 35 KiB

After

Width:  |  Height:  |  Size: 32 KiB