From: Silvio Rhatto
Date: Thu, 24 Jan 2019 17:04:39 +0000 (-0200)
Subject: Some clickjacking protections
X-Git-Url: https://gitweb.fluxo.info/?a=commitdiff_plain;h=e60fa624d120620f7ac3c8c8a88dff76811c6376;p=puppet-nginx.git

Some clickjacking protections
---
diff --git a/templates/site-ssl.erb b/templates/site-ssl.erb
index a370bc7..5b9ce04 100644
--- a/templates/site-ssl.erb
+++ b/templates/site-ssl.erb
@@ -12,6 +12,11 @@ server {
 # enable HSTS header
 add_header Strict-Transport-Security "max-age=15768000; includeSubdomains; preload";
+ # clickjacking protection
+ add_header X-Content-Type-Options nosniff;
+ add_header X-XSS-Protection "1; mode=block";
+ add_header X-Frame-Options DENY;
+
 location / {
 # preserve http header and set forwarded proto
 proxy_set_header Host $http_host;
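Review bot: The three added `add_header` lines omit the `always` parameter, so nginx attaches them only to successful and redirect responses and error pages served by this vhost stay frameable; `add_header X-Frame-Options DENY always;` (and likewise for the other two) closes that gap. nginx inherits server-level `add_header` directives only when a location defines none of its own, so any `add_header` inside `location /`, whose body continues outside this hunk, would silently drop all of these together with the HSTS header above. The comment `# clickjacking protection` describes only X-Frame-Options, so I would reword it to `# security headers: MIME sniffing, legacy XSS filter, clickjacking`. Consider also adding `add_header Content-Security-Policy "frame-ancestors 'none'" always;`, the current-standard equivalent of DENY, since X-XSS-Protection is ignored by current browsers and adds little.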