-rw-r--r--nginx/repsys_kyriasis_com.sls15
1 files changed, 3 insertions, 12 deletions
diff --git a/nginx/repsys_kyriasis_com.sls b/nginx/repsys_kyriasis_com.sls
index e2e7a65..f42de25 100644
--- a/nginx/repsys_kyriasis_com.sls
+++ b/nginx/repsys_kyriasis_com.sls
@@ -9,6 +9,8 @@ nginx:
- listen: 80
- listen: '[::]:80'
+ - include: snippets/security_headers.conf
+
- location /.well-known/acme-challenge:
- root: /srv/http
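Review bot: The include added to the port-80 server sits at server level, and nginx passes `add_header` down into a `location` only when that location defines no `add_header` of its own. `location /.well-known/acme-challenge` (its body continues outside the hunk) and any other location in this server therefore need to stay free of `add_header` or repeat the include. If the snippet carries `Strict-Transport-Security`, browsers ignore it over plain HTTP, so a comment such as `# HSTS from the snippet has no effect on port 80; included for the other headers` would save the next reader a lookup. The diffstat shows only this file changed, so for both this include and the one in the second hunk the state that ships `snippets/security_headers.conf` must be in place before nginx reloads, otherwise the config test will fail on the missing file.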
@@ -30,18 +32,7 @@ nginx:
- ssl_stapling_verify: 'on'
- ssl_trusted_certificate: /etc/letsencrypt/live/repsys.kyriasis.com/fullchain.pem
- # https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security
- - add_header: 'Strict-Transport-Security "max-age=31536000"'
-
- # Tell browsers not to render the page inside a frame, and avoid clickjacking.
- - add_header: X-Frame-Options SAMEORIGIN
-
- # Tell browsers to not try to auto-detect the Content-Type.
- - add_header: X-Content-Type-Options nosniff
-
- # Enable the Cross-site scripting filter in most recent browsers.
- # Normally enabled by default, but enable it anyway if user has disabled it.
- - add_header: 'X-XSS-Protection "1; mode=block"'
+ - include: snippets/security_headers.conf
# http://www.gnuterrypratchett.com/
- add_header: 'X-Clacks-Overhead "GNU Terry Pratchett"'
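Review bot: The four removed `add_header` lines and their comments documented which protections this vhost sets, and the new include gives no hint of what it provides. A one-line comment above it, for example `# HSTS, X-Frame-Options, X-Content-Type-Options, X-XSS-Protection: see snippets/security_headers.conf`, would keep that visible, assuming the snippet carries the same four headers. The snippet is not shown in this commit, so it should be checked that HSTS keeps `max-age=31536000` and that `X-Frame-Options` and `nosniff` are still present. The removed directives had no `always` parameter, so nginx did not send them on error responses; adding `always` in the snippet would close that gap for every vhost that includes it.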