remove deprecated XSS-Protection
parent
d09ef2c8e9
commit
491ef10392
@ -6,7 +6,6 @@
|
|||||||
header {
|
header {
|
||||||
-Strict-Transport-Security
|
-Strict-Transport-Security
|
||||||
-Referrer-Policy
|
-Referrer-Policy
|
||||||
-X-XSS-Protection
|
|
||||||
-Content-Security-Policy
|
-Content-Security-Policy
|
||||||
# disable clients from sniffing the media type
|
# disable clients from sniffing the media type
|
||||||
X-Content-Type-Options nosniff
|
X-Content-Type-Options nosniff
|
||||||
@ -44,7 +43,6 @@
|
|||||||
# clickjacking protection
|
# clickjacking protection
|
||||||
X-Frame-Options SAMEORIGIN
|
X-Frame-Options SAMEORIGIN
|
||||||
|
|
||||||
X-XSS-Protection "1; mode=block"
|
|
||||||
defer
|
defer
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -224,8 +222,6 @@ search.{{ server_prefix }}.projectsegfau.lt search.projectsegfau.lt s.psf.lt s.{
|
|||||||
header {
|
header {
|
||||||
# Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
|
# Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
|
||||||
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
||||||
# Enable cross-site filter (XSS) and tell browser to block detected attacks
|
|
||||||
X-XSS-Protection "1; mode=block"
|
|
||||||
# Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
|
# Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
|
||||||
X-Content-Type-Options "nosniff"
|
X-Content-Type-Options "nosniff"
|
||||||
# Disable some features
|
# Disable some features
|
||||||
|