Some additional nginx security settings

6225616b · Bob Mottram · c3f83276 · 6225616b
Commit 6225616b authored 7 years ago by Bob Mottram
--- a/src/freedombone-utils-web
+++ b/src/freedombone-utils-web
@@ -138,6 +138,11 @@ function nginx_ssl {
    echo "    ssl_protocols $SSL_PROTOCOLS;" >> $filename
    echo "    ssl_ciphers '$SSL_CIPHERS';" >> $filename
    echo "    add_header Content-Security-Policy \"default-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'\";" >> $filename
+    echo '    add_header X-XSS-Protection "1; mode=block";' >> $filename
+    echo '    add_header X-Robots-Tag none;' >> $filename
+    echo '    add_header X-Download-Options noopen;' >> $filename
+    echo '    add_header X-Permitted-Cross-Domain-Policies none;' >> $filename
+
    #nginx_stapling $1
 }