13 lines
681 B
Django/Jinja
13 lines
681 B
Django/Jinja
# {{ ansible_managed }}
|
|
|
|
# Strict Transport Security (HSTS), Tell browsers to use only https (adding includeSubDomains would also force subdomains to use HSTS)
|
|
add_header Strict-Transport-Security "max-age=15552000; preload" always;
|
|
|
|
# Expect Certificate Transparency and -Stapling, Security measures for checking HTTPS-certificate validity/revocation
|
|
add_header Expect-CT 'enforce; max-age=86400;' always;
|
|
add_header Expect-Staple 'max-age=86400; preload' always;
|
|
add_header Referrer-Policy "no-referrer-when-downgrade" always;
|
|
add_header X-Content-Type-Options "nosniff" always;
|
|
add_header X-Xss-Protection "1; mode=block" always;
|
|
add_header X-Frame-Options "SAMEORIGIN" always;
|