Nginx:Security Header: Difference between revisions
Created page with "Tambahkan berikut ini di file nginx.conf di bawah blok server. ===Content Security Policy=== add_header Content-Security-Policy "default-src 'self';"; ===X-Frame-Options=== add_header X-Frame-Options "DENY"; ===X-XSS-Protection=== add_header X-XSS-Protection "1; mode=block"; ===X-Content-Type-Options=== add_header X-Content-Type-Options nosniff; ===HTTP Strict Transport Security=== add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; prelo..." |
No edit summary |
||
| Line 1: | Line 1: | ||
Tambahkan berikut ini di file nginx.conf di bawah blok server. | Tambahkan berikut ini di file nginx.conf di bawah blok server. | ||
===Content Security Policy=== | ===Content Security Policy=== | ||
add_header Content-Security-Policy "default-src 'self';"; | add_header Content-Security-Policy "default-src 'self';"; | ||
===X-Frame-Options=== | ===X-Frame-Options=== | ||
add_header X-Frame-Options "DENY"; | add_header X-Frame-Options "DENY"; | ||
===X-XSS-Protection=== | ===X-XSS-Protection=== | ||
add_header X-XSS-Protection "1; mode=block"; | add_header X-XSS-Protection "1; mode=block"; | ||
===X-Content-Type-Options=== | ===X-Content-Type-Options=== | ||
add_header X-Content-Type-Options nosniff; | add_header X-Content-Type-Options nosniff; | ||
===HTTP Strict Transport Security=== | ===HTTP Strict Transport Security=== | ||
add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload'; | add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload'; | ||
==Source== | ==Source== | ||
*[https://beaglesecurity.com/blog/article/hardening-server-security-by-implementing-security-headers.html beaglesecurity.com] | *[https://beaglesecurity.com/blog/article/hardening-server-security-by-implementing-security-headers.html beaglesecurity.com] | ||
[[Category:Server]] | |||
[[Category:Web Server]] | |||
[[Category:Nginx]] | |||
[[Category:Security]] | |||