Wiki

Nginx:Security Header: Difference between revisions

← Older edit
Kangtain (talk | contribs)
Bureaucrats, Interface administrators, Suppressors, Administrators
9,154 edits
VisualWikitext
No edit summary
No edit summary
 
Line 1: Line 1:
Tambahkan berikut ini di file nginx.conf di bawah blok server.
Tambahkan berikut ini di file nginx.conf di bawah blok server.
===Content Security Policy===
===Content Security Policy===
add_header Content-Security-Policy "default-src 'self';";
<syntaxhighlight lang="apache">add_header Content-Security-Policy "default-src 'self';";</syntaxhighlight>
 
===X-Frame-Options===
===X-Frame-Options===
add_header X-Frame-Options "DENY";
<syntaxhighlight lang="apache">add_header X-Frame-Options "DENY";</syntaxhighlight>
 
===X-XSS-Protection===
===X-XSS-Protection===
add_header X-XSS-Protection "1; mode=block";
<syntaxhighlight lang="apache">add_header X-XSS-Protection "1; mode=block";</syntaxhighlight>
 
===X-Content-Type-Options===
===X-Content-Type-Options===
add_header X-Content-Type-Options nosniff;
<syntaxhighlight lang="apache">add_header X-Content-Type-Options nosniff;</syntaxhighlight>
 
===HTTP Strict Transport Security===
===HTTP Strict Transport Security===
add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';
<syntaxhighlight lang="apache">add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';</syntaxhighlight>
 
==Source==
==Source==
*[https://beaglesecurity.com/blog/article/hardening-server-security-by-implementing-security-headers.html beaglesecurity.com]
*[https://beaglesecurity.com/blog/article/hardening-server-security-by-implementing-security-headers.html beaglesecurity.com]
[[Category:Server]]
[[Category:Server]]
[[Category:Web Server]]
[[Category:Web Server]]
[[Category:Nginx]]
[[Category:Nginx]]
[[Category:Security]]
[[Category:Security]]
Retrieved from "https://kangtain.com/wiki/index.php/Nginx:Security_Header"