Add Referrer-Policy for html document by default

This commit is contained in:
Léo Colombaro 2019-02-13 14:31:53 +01:00
parent c04dcb232f
commit f600128203
No known key found for this signature in database
GPG Key ID: 687B480A6D4F735F
3 changed files with 8 additions and 1 deletions

View File

@ -3,6 +3,7 @@
include h5bp/internet_explorer/x-ua-compatible.conf;
include h5bp/security/content-security-policy.conf;
include h5bp/security/referrer-policy.conf.conf;
include h5bp/security/x-content-type-options.conf;
include h5bp/security/x-frame-options.conf;
include h5bp/security/x-xss-protection.conf;

View File

@ -15,4 +15,4 @@
# https://scotthelme.co.uk/a-new-security-header-referrer-policy/
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Referrer-Policy $referrer_policy always;

View File

@ -115,6 +115,12 @@ http {
text/html "script-src 'self'; object-src 'self'";
}
# Add Referrer-Policy for HTML documents.
# h5bp/security/referrer-policy.conf.conf
map $sent_http_content_type $referrer_policy {
text/html "no-referrer-when-downgrade";
}
# Add X-UA-Compatible for HTML documents.
# h5bp/internet_explorer/x-ua-compatible.conf
map $sent_http_content_type $x_ua_compatible {