@ -1,6 +1,2 @@ |
|
|
|
|
include /etc/nginx/snippets/security_headers_nocache.conf; |
|
|
|
|
add_header Cache-Control "public"; |
|
|
|
|
add_header Content-Security-Policy "default-src 'self'; media-src 'self' blob:; img-src 'self' blob:; object-src 'self' blob:; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self' https://www.youtube-nocookie.com/embed/ https://www.bitchute.com/embed/; connect-src 'self' wss://example.com/ wss://www.example.com/ wss://www.example.onion/ wss://example.onion/ wss://www.example.loki/ wss://example.loki/" always; |
|
|
|
|
add_header Referrer-Policy "same-origin, strict-origin-when-cross-origin" always; |
|
|
|
|
add_header X-Frame-Options "sameorigin" always; |
|
|
|
|
add_header X-Content-Type-Options "nosniff" always; |
|
|
|
|
add_header X-XSS-Protection "1; mode=block" always; |
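Review bot: If `security_headers_nocache.conf` itself emits a Cache-Control header, as its name suggests it may, the `add_header Cache-Control "public";` line beside it would send a second, conflicting Cache-Control value rather than override it, because nginx emits every add_header declared at the same level. The `+`/`-` markers are lost on this page, so this assumes the include and the Cache-Control line are the two lines on the new side and the five individual header lines are the ones removed. The snippet's contents are not shown here, so it is worth confirming that it sets no Cache-Control and still carries the CSP, Referrer-Policy, X-Frame-Options and X-Content-Type-Options headers with `always`. Because add_header is inherited only by blocks that declare no add_header of their own, I would add a comment above the include such as `# nested blocks that use add_header must include this snippet again, or they lose every header it sets`.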