Nginx:Security Header: Difference between revisions

Latest revision as of 17:19, 30 August 2022

Tambahkan berikut ini di file nginx.conf di bawah blok server.

add_header Content-Security-Policy "default-src 'self';";

add_header X-Frame-Options "DENY";

add_header X-XSS-Protection "1; mode=block";

add_header X-Content-Type-Options nosniff;

add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';

@@ Line 2: / Line 2: @@
 ===Content Security Policy===
- add_header Content-Security-Policy "default-src 'self';";
+<syntaxhighlight lang="apache">add_header Content-Security-Policy "default-src 'self';";</syntaxhighlight>
 ===X-Frame-Options===
- add_header X-Frame-Options "DENY";
+<syntaxhighlight lang="apache">add_header X-Frame-Options "DENY";</syntaxhighlight>
 ===X-XSS-Protection===
- add_header X-XSS-Protection "1; mode=block";
+<syntaxhighlight lang="apache">add_header X-XSS-Protection "1; mode=block";</syntaxhighlight>
 ===X-Content-Type-Options===
- add_header X-Content-Type-Options nosniff;
+<syntaxhighlight lang="apache">add_header X-Content-Type-Options nosniff;</syntaxhighlight>
 ===HTTP Strict Transport Security===
- add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';
+<syntaxhighlight lang="apache">add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';</syntaxhighlight>
 ==Source==
 *[https://beaglesecurity.com/blog/article/hardening-server-security-by-implementing-security-headers.html beaglesecurity.com]
+[[Category:Server]]
+[[Category:Web Server]]
+[[Category:Nginx]]
+[[Category:Security]]