Welcome! Log In Create A New Profile

Advanced

HSTS and X-Frame-OptionsX-DCC-x.dcc-servers-Metrics: mail.nginx.com 104; Body=1 Fuz1=1 Fuz2=1

Some Developer
July 11, 2013 07:26AM
Hi,

I've just enabled HSTS and X-Frame Options in my nginx configuration
(1.2.9) and was wondering if I have done it correctly.

Currently my site has 4 server blocks.

One to redirect domain.com to https://www.domain.com

One to redirect www.domain.com to https://www.domain.com

One to redirect https://domain.com to https://www.domain.com

And finally the main one for https://www.domain.com

I've added the following two lines to the final server block:

|add_header Strict-Transport-Security max-age=63072000;|

|add_header X-Frame-Options DENY;

Do I need to add them to any of the other server blocks or is my current configuration
correct? If there are any other improvements to be made I'd be more than happy to hear about them.

Thanks.
|


_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

HSTS and X-Frame-OptionsX-DCC-x.dcc-servers-Metrics: mail.nginx.com 104; Body=1 Fuz1=1 Fuz2=1

Some Developer July 11, 2013 07:26AM

Re: HSTS and X-Frame-Options

Some Developer July 11, 2013 10:44AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 114
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 254 on July 05, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready