Add security headers to nginx configuration

girleffect · Apr 26, 2024 · e25576d · e25576d
1 parent 2dc04b1
commit e25576d
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/nginx/conf.d/django.conf b/nginx/conf.d/django.conf
@@ -45,6 +45,12 @@ server {
         proxy_pass http://gunicorn;
     }
 
+    add_header X-Frame-Options SAMEORIGIN always;
+    add_header X-Content-Type-Options nosniff always;
+    add_header Strict-Transport-Security "max-age=31536000" always;
+    # add_header Content-Security-Policy "default-src https: 'self';" always;
+    add_header Referrer-Policy "same-origin" always;
+
     add_header X-Frame-Options SAMEORIGIN always;
     add_header X-Content-Type-Options nosniff always;
     add_header Strict-Transport-Security "max-age=31536000" always;