Skip to content

Instantly share code, notes, and snippets.

@budiantoip

budiantoip/Nginx Security Headers.md

Last active March 9, 2025 15:33
Show Gist options
  • Save budiantoip/f370df17d66a7022ba2ecd2873a4afd5 to your computer and use it in GitHub Desktop.
Save budiantoip/f370df17d66a7022ba2ecd2873a4afd5 to your computer and use it in GitHub Desktop.
Download ZIP
Nginx Security Headers
Raw
Nginx Security Headers.md

# Prevent MIME-type sniffing
add_header X-Content-Type-Options nosniff always;

# Enforce HTTPS for 1 year + subdomains
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

# Protect against clickjacking attacks
add_header X-Frame-Options SAMEORIGIN always;

# Prevent Cross-site scripting (XSS) add_header X-XSS-Protection "1; mode=block";

# Restrict browser features
add_header Permissions-Policy "geolocation=(), microphone=(), camera=(), usb=()" always;

# Cross-Origin Opener Policy
add_header Cross-Origin-Opener-Policy same-origin always;

# Content Security Policy (Modify as needed)
add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; object-src 'none'; frame-ancestors 'none'; base-uri 'self';" always; add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; object-src 'none'; frame-ancestors 'none'; base-uri 'self';" always;

# CORS Policy (Adjust as needed)
add_header Access-Control-Allow-Origin "*" always;

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment