|
@@ -6,11 +6,17 @@
|
|
# Various security rules
|
|
# Various security rules
|
|
#
|
|
#
|
|
|
|
|
|
|
|
+{% if nginx_security_xframeoptions %}
|
|
# Clickjacking protection
|
|
# Clickjacking protection
|
|
add_header X-Frame-Options "sameorigin";
|
|
add_header X-Frame-Options "sameorigin";
|
|
|
|
+{% endif %}
|
|
|
|
|
|
|
|
+{% if nginx_security_xxssprotection %}
|
|
# Cross-site scripting (XSS) filter
|
|
# Cross-site scripting (XSS) filter
|
|
add_header X-XSS-Protection "1; mode=block";
|
|
add_header X-XSS-Protection "1; mode=block";
|
|
|
|
+{% endif %}
|
|
|
|
|
|
|
|
+{% if nginx_security_xcontenttypeoptions %}
|
|
# Prevents from MIME-sniffing a response away from the declared content-type
|
|
# Prevents from MIME-sniffing a response away from the declared content-type
|
|
add_header X-Content-Type-Options "nosniff";
|
|
add_header X-Content-Type-Options "nosniff";
|
|
|
|
+{% endif %}
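Review bot: Each new `{% if nginx_security_xframeoptions %}` (and the two sibling guards for `nginx_security_xxssprotection` and `nginx_security_xcontenttypeoptions`) turns a previously unconditional header into an opt-in one, and Jinja evaluates an undefined variable as false without raising, so any deployment that does not set all three variables to a true value silently loses these headers. Unless the role's defaults (not visible in this hunk) define them as true, guard with an explicit fallback, e.g. `{% if nginx_security_xframeoptions | default(true) %}`, so the previous behaviour is kept for existing users and only a deliberate `false` disables a header. While these lines are being touched, note that `add_header` without the `always` parameter only applies to 2xx/3xx responses, so error pages go out without these headers; `add_header X-Frame-Options "sameorigin" always;` covers that case. The enclosing `server`/`http` block starts outside the hunk.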
|