Add X-Content-Type-Options header

2021-02-13 03:39:12 +01:00 · 2021-02-13 03:39:12 +01:00 · 47bd755709
parent 566feeefb0
commit 47bd755709
1 changed files with 1 additions and 0 deletions
--- a/roles/nginx/templates/etc/nginx/sites-available/site-vhost.j2
+++ b/roles/nginx/templates/etc/nginx/sites-available/site-vhost.j2
@ -28,6 +28,7 @@ server {
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    add_header Content-Security-Policy "default-src https: data: 'unsafe-inline' 'unsafe-eval'" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
+    add_header X-Content-Type-Options "nosniff" always;

    {% if item.ssl_certificate is defined %}ssl_certificate {{ item.ssl_certificate }};{% endif %}