nginx: add Upgrade Insecure Requests

http://caniuse.com/#feat=upgradeinsecurerequests
This commit is contained in:
Aminda Suomalainen 2015-09-23 17:49:17 +03:00
parent 0024333230
commit 650829aea9
3 changed files with 3 additions and 0 deletions

View File

@ -33,6 +33,7 @@ server {
# Enable this if your want HSTS (recommended)
add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload";
add_header X-Frame-Options SAMEORIGIN;
add_header Content-Security-Policy upgrade-insecure-requests;
# OCSP Stapling ---
# fetch OCSP records from URL in ssl_certificate and cache them

View File

@ -7,6 +7,7 @@ server {
# Enable this if your want HSTS (recommended)
add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload";
add_header X-Frame-Options SAMEORIGIN;
add_header Content-Security-Policy upgrade-insecure-requests;
server_name something.example.org;

View File

@ -9,6 +9,7 @@ server {
# Enable this if your want HSTS (recommended)
add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload";
add_header X-Frame-Options SAMEORIGIN;
add_header Content-Security-Policy upgrade-insecure-requests;
root /var/www/vhostdir;
index index.php index.html index.htm;