Update nginx.conf to enhance security

add X-XSS-Protection and X-Content-Type-Options headers
4 years ago · 89fbde605f
1 changed files with 2 additions and 0 deletions
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@ -3,6 +3,8 @@ server {
    charset utf-8;

    add_header X-Frame-Options DENY;
+    add_header X-Content-Type-Options nosniff;
+    add_header X-XSS-Protection "1; mode=block";

    location / {
        root /var/www/html;