cirko/wordpress-nginx
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge d195fbfbaf into 78a7eef119

Browse Source
This commit is contained in:
Alex Norden 2018-12-18 15:57:58 +00:00 committed by GitHub
commit 4082398aeb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
global/server/security.conf
View File

@ -16,4 +16,9 @@ add_header X-Xss-Protection "1; mode=block" always;
# Whitelist sources which are allowed to load assets (JS, CSS, etc). The following will block # Whitelist sources which are allowed to load assets (JS, CSS, etc). The following will block
# only none HTTPS assets, but check out https://scotthelme.co.uk/content-security-policy-an-introduction/ # only none HTTPS assets, but check out https://scotthelme.co.uk/content-security-policy-an-introduction/
# for an in-depth guide on creating a more restrictive policy. # for an in-depth guide on creating a more restrictive policy.
# add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always; # add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always;
#To get a minimal A rating, add header Referrer-Policy. Consider adding Feature-Policy. Commented out by default.
#Referer policy - see for more info https://scotthelme.co.uk/a-new-security-header-referrer-policy/
#Feature policy - see for more info https://scotthelme.co.uk/a-new-security-header-feature-policy/
#add_header 'Referrer-Policy' 'origin';