From 017754a3f35df468e76c2adddfd0f330289f803d Mon Sep 17 00:00:00 2001
From: J0WI
Date: Mon, 1 Jul 2019 22:18:08 +0200
Subject: [PATCH] Sort headers
Signed-off-by: J0WI
---
 admin_manual/installation/nginx.rst | 40 ++++++++++++++---------------
 1 file changed, 20 insertions(+), 20 deletions(-)
diff --git a/admin_manual/installation/nginx.rst b/admin_manual/installation/nginx.rst
index e68333741..671be01e4 100644
--- a/admin_manual/installation/nginx.rst
+++ b/admin_manual/installation/nginx.rst
@@ -66,13 +66,13 @@ webroot of your nginx installation. In this example it is
 # will add the domain to a hardcoded list that is shipped
 # in all major browsers and getting removed from this list
 # could take several months.
- add_header X-Content-Type-Options nosniff;
- add_header X-XSS-Protection "1; mode=block";
- add_header X-Robots-Tag none;
- add_header X-Download-Options noopen;
- add_header X-Permitted-Cross-Domain-Policies none;
 add_header Referrer-Policy no-referrer;
+ add_header X-Content-Type-Options nosniff;
+ add_header X-Download-Options noopen;
 add_header X-Frame-Options "SAMEORIGIN";
+ add_header X-Permitted-Cross-Domain-Policies none;
+ add_header X-Robots-Tag none;
+ add_header X-XSS-Protection "1; mode=block";
 # Remove X-Powered-By, which is an information leak
 fastcgi_hide_header X-Powered-By;
@@ -164,13 +164,13 @@ webroot of your nginx installation. In this example it is
 # will add the domain to a hardcoded list that is shipped
 # in all major browsers and getting removed from this list
 # could take several months.
- add_header X-Content-Type-Options nosniff;
- add_header X-XSS-Protection "1; mode=block";
- add_header X-Robots-Tag none;
- add_header X-Download-Options noopen;
- add_header X-Permitted-Cross-Domain-Policies none;
 add_header Referrer-Policy no-referrer;
+ add_header X-Content-Type-Options nosniff;
+ add_header X-Download-Options noopen;
 add_header X-Frame-Options "SAMEORIGIN";
+ add_header X-Permitted-Cross-Domain-Policies none;
+ add_header X-Robots-Tag none;
+ add_header X-XSS-Protection "1; mode=block";
 # Optional: Don't log access to assets
 access_log off;
@@ -219,13 +219,13 @@ your nginx installation.
 # Before enabling Strict-Transport-Security headers please read into this
 # topic first.
 #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
- add_header X-Content-Type-Options nosniff;
- add_header X-XSS-Protection "1; mode=block";
- add_header X-Robots-Tag none;
- add_header X-Download-Options noopen;
- add_header X-Permitted-Cross-Domain-Policies none;
 add_header Referrer-Policy no-referrer;
+ add_header X-Content-Type-Options nosniff;
+ add_header X-Download-Options noopen;
 add_header X-Frame-Options "SAMEORIGIN";
+ add_header X-Permitted-Cross-Domain-Policies none;
+ add_header X-Robots-Tag none;
+ add_header X-XSS-Protection "1; mode=block";
 # Remove X-Powered-By, which is an information leak
 fastcgi_hide_header X-Powered-By;
@@ -317,13 +317,13 @@ your nginx installation.
 # Before enabling Strict-Transport-Security headers please read
 # into this topic first.
 # add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
- add_header X-Content-Type-Options nosniff;
- add_header X-XSS-Protection "1; mode=block";
- add_header X-Robots-Tag none;
- add_header X-Download-Options noopen;
- add_header X-Permitted-Cross-Domain-Policies none;
 add_header Referrer-Policy no-referrer;
+ add_header X-Content-Type-Options nosniff;
+ add_header X-Download-Options noopen;
 add_header X-Frame-Options "SAMEORIGIN";
+ add_header X-Permitted-Cross-Domain-Policies none;
+ add_header X-Robots-Tag none;
+ add_header X-XSS-Protection "1; mode=block";
 # Optional: Don't log access to assets
 access_log off;