lsemenenko/wordpress-nginx
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update security.conf

Browse Source 
Added new Referrer-policy header required for A rating. Commented on Feature policy being required in the future.
This commit is contained in:
Alex Norden 2018-12-04 13:33:02 +00:00 committed by GitHub
parent 3f52323dca
commit d195fbfbaf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
global/server/security.conf
View File

@ -16,4 +16,9 @@ add_header X-Xss-Protection "1; mode=block" always;
# Whitelist sources which are allowed to load assets (JS, CSS, etc). The following will block
# only none HTTPS assets, but check out https://scotthelme.co.uk/content-security-policy-an-introduction/
# for an in-depth guide on creating a more restrictive policy.
# add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always;
# add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always;
#To get a minimal A rating, add header Referrer-Policy. Consider adding Feature-Policy. Commented out by default.
#Referer policy - see for more info https://scotthelme.co.uk/a-new-security-header-referrer-policy/
#Feature policy - see for more info https://scotthelme.co.uk/a-new-security-header-feature-policy/
#add_header 'Referrer-Policy' 'origin';