headers.rules
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
# HTTP Strict Transport Security: tells browsers to require https:// without first checking
# the http:// version for a redirect. Warning: it is difficult to change your mind.
#
# max-age: length of requirement in seconds (31536000 = 1 year)
# includeSubDomains: force SSL for *ALL* subdomains (remove if this is not what you want)
# preload: indicates you want browsers to ship with HSTS preloaded for your domain.
#
# Submit your domain for preloading in browsers at: https://hstspreload.appspot.com
add_header Strict-Transport-Security 'max-age=31536000';
# If you can turn on HTTPS for *all* subdomains, use this version
# and submit your domain for preloading:
#
# add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';
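
An added example, not part of this repository: a small Python check that reads nginx `add_header` lines like the ones above and reports whether the active `Strict-Transport-Security` value carries everything the commented-out preload version has. The names `parse_hsts`, `audit` and `SAMPLE_RULES` are hypothetical, the sample text is constructed from this file, and the one-year minimum for preloading is an assumption taken from the `max-age` used here.

```python
import shlex

# Constructed input: header lines from this file, preload variant left commented out.
SAMPLE_RULES = """\
add_header X-Frame-Options DENY;
add_header Strict-Transport-Security 'max-age=31536000';
# add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';
"""

PRELOAD_MIN_MAX_AGE = 31536000  # 1 year; assumed minimum for preload submission


def parse_hsts(value):
    """Return (max_age, flags) for an HSTS value; directive names are case-insensitive."""
    max_age, flags = None, set()
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            try:
                max_age = int(arg.strip().strip('"'))
            except ValueError:
                max_age = None
        elif name:
            flags.add(name)
    return max_age, flags


def audit(rules_text):
    """Check every active (uncommented) HSTS add_header line for preload readiness."""
    findings = []
    for lineno, line in enumerate(rules_text.splitlines(), 1):
        line = line.strip()
        if line.startswith("#") or not line.endswith(";"):
            continue
        tokens = shlex.split(line[:-1])  # drop the trailing ';', honour quotes
        if len(tokens) < 3 or tokens[0] != "add_header":
            continue
        if tokens[1].lower() != "strict-transport-security":
            continue
        max_age, flags = parse_hsts(tokens[2])
        problems = []
        if max_age is None:
            problems.append("max-age missing or not an integer")
        elif max_age < PRELOAD_MIN_MAX_AGE:
            problems.append("max-age below one year")
        if "includesubdomains" not in flags:
            problems.append("includeSubDomains missing")
        if "preload" not in flags:
            problems.append("preload missing")
        findings.append({"line": lineno, "max_age": max_age,
                         "preload_ready": not problems, "problems": problems})
    return findings
```
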