Merge pull request #38 from yeoldegrove/master

add_header Referrer-Policy "no-referrer" always
2025-04-19 12:09:21 +00:00 · 2018-12-05 20:00:07 +01:00 · 2018-12-05 20:00:07 +01:00 · ccab38ea56
commit ccab38ea56
parent 96b0c4f032 1bf7360aa6
1 changed files with 4 additions and 1 deletions
--- a/rootfs/nginx/sites-enabled/nginx.conf
+++ b/rootfs/nginx/sites-enabled/nginx.conf
@ -3,13 +3,16 @@ server {
        root /nextcloud;
        
        fastcgi_buffers 64 4K;
-        
+
+        # https://docs.nextcloud.com/server/14/admin_manual/configuration_server/harden_server.html?highlight=security#enable-http-strict-transport-security
        add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload";
+        # https://docs.nextcloud.com/server/14/admin_manual/configuration_server/harden_server.html?highlight=security#serve-security-related-headers-by-the-web-server
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
+        add_header Referrer-Policy "no-referrer" always;

        location = /robots.txt {
            allow all;