post

<p>You can add the following headers in your nginx.conf or server entry to improve website security</p>
<pre>
add_header X-Frame-Options sameorigin;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection '1; mode=block';
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header Content-Security-Policy "default-src https: data: 'unsafe-inline' 'unsafe-eval'";
add_header Referrer-Policy strict-origin;
</pre>
<p>See <a href="https://serverok.in/nginx">Nginx</a></p>


How to configure Security Headers in Nginx