Skip to content

Commit

Permalink
Minor Nginx tweaks
Browse files Browse the repository at this point in the history 
Because of privacy concerns it's desirable to disable referrer, FLoC and
Cloudflare as resolver.
  • Loading branch information
@mrckndt
mrckndt committed Jun 23, 2021
1 parent f316858 commit 51b61fb
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions nginx/conf.d/default.conf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -61,7 +61,7 @@ server {
# OCSP stapling
ssl_stapling on;
ssl_stapling_verify on;
resolver 1.1.1.1;
#resolver 1.1.1.1;

# verify chain of trust of OCSP response using Root CA and Intermediate certs
#ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
Expand All @@ -72,8 +72,9 @@ server {
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Referrer-Policy no-referrer;
add_header Strict-Transport-Security "max-age=63072000" always;
add_header Permissions-Policy "interest-cohort=()";

## locations
# ACME-challenge
Expand Down

0 comments on commit 51b61fb

Please sign in to comment.