836467c8b5
Drop `X-XSS-Protection` header usage as per its deprecation
...
Ref https://github.com/h5bp/server-configs-apache/pull/253
Ref https://github.com/h5bp/server-configs-apache/issues/198
Closes https://github.com/h5bp/server-configs-nginx/pull/260
2021-06-14 01:14:22 +02:00
4556277ced
Drop `X-UA-Compatible` header usage as per IE deprecation
...
Ref https://github.com/h5bp/server-configs-apache/issues/210
Ref https://github.com/h5bp/server-configs-apache/issues/182
2021-06-14 01:14:22 +02:00
282d979af4
Drop Cache-Control: no-transform usage
...
Obsoleted with secure servers
See https://github.com/h5bp/server-configs-apache/issues/185
2019-05-15 18:24:30 +02:00
29ff09ac95
Remove CSP from basic.conf includes
...
Too strong for general purposes.
Closes #222
2019-03-15 18:58:47 +01:00
50a6d793ce
Remove duplicated .conf in include
2019-02-13 14:45:52 +01:00
f600128203
Add Referrer-Policy for html document by default
2019-02-13 14:31:53 +01:00
283b292c5e
Add default recommended headers
...
Since no more location directive is used, making these header
available everywhere is possible without breaking servers.
2019-02-10 22:20:05 +01:00
6dd4cc27ed
Switch from location directives to maps based on MIME-types
...
* Expire
* X-XSS-Protection
* X-Frame-Options
* X-UA-Compatible
* Content-Security-Policy
* Access-Control-Allow-Origin
2019-02-10 21:56:10 +01:00
5f3ce4f73c
Add back web_performance_cache_expiration ( #206 )
...
remove double include h5bp/location/security_file_access.conf;
2018-11-30 11:40:33 +01:00
496af1cfd5
Split directives to enforce atomic structure
...
* Enforce H5BP style
* Improve inline documentation to simplify maintenance
* Prepare v3
2018-11-23 17:19:51 +01:00
560bdab9cf
Move config snippets around
...
Make it more obvious which snippets are location based, and which
are just directives. Need to provide more files like basic.conf to
cover more of the common use cases.
2013-11-22 10:50:58 +00:00
Léo Colombaro