Home Explore Help
Sign In
sarman
/
tftsr_ai
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: f188c046ed
Branches Tags
tftsr_ai
/
tftsr_nginx-hardening
/
roles
/
nginx_hardening
/
templates
/
security_headers.conf.j2

security_headers.conf.j2 652 B
History Raw

1234567891011121314151617 
  1. # Managed by Ansible — do not edit manually
    2. 

  2. 

  3. server_tokens off;
    4. 

  4. 

  5. # Rate limiting zone definition
    6. 

  6. limit_req_zone {{ nginx_rate_limit_req_zone }};
    7. 

  7. 

  8. # Client body size limit
    9. 

  9. client_max_body_size {{ nginx_client_max_body_size }};
    10. 

  10. 

  11. # Security headers
    12. 

  12. add_header Strict-Transport-Security "max-age={{ nginx_hsts_max_age }}; includeSubDomains; preload" always;
    13. 

  13. add_header X-Frame-Options SAMEORIGIN always;
    14. 

  14. add_header X-Content-Type-Options nosniff always;
    15. 

  15. add_header Referrer-Policy strict-origin-when-cross-origin always;
    16. 

  16. add_header Permissions-Policy "geolocation=(), microphone=(), camera=()" always;
    17. 

  17. add_header X-XSS-Protection "1; mode=block" always;
    18.