Welcome! Log In Create A New Profile

Advanced

Re: HSTS and X-Frame-Options

Previous Message Next Message
Forum List Message List New Topic Print View
Some Developer
July 11, 2013 10:44AM
On 11/07/13 12:25, Some Developer wrote:
> Hi,
>
> I've just enabled HSTS and X-Frame Options in my nginx configuration
> (1.2.9) and was wondering if I have done it correctly.
>
> Currently my site has 4 server blocks.
>
> One to redirect domain.com to https://www.domain.com
>
> One to redirect www.domain.com to https://www.domain.com
>
> One to redirect https://domain.com to https://www.domain.com
>
> And finally the main one for https://www.domain.com
>
> I've added the following two lines to the final server block:
>
> |add_header Strict-Transport-Security max-age=63072000;|
>
> |add_header X-Frame-Options DENY;
>
> Do I need to add them to any of the other server blocks or is my current
> configuration
> correct? If there are any other improvements to be made I'd be more than
> happy to hear about them.
>
> Thanks.

Hmm seems like my copy and paste job screwed with the text. These are
the actual lines:

add_header X-Frame-Options DENY;
add_header Strict-Transport-Security max-age=63072000;

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Reply Quote
RSS
Subject Author Posted

HSTS and X-Frame-OptionsX-DCC-x.dcc-servers-Metrics: mail.nginx.com 104; Body=1 Fuz1=1 Fuz2=1

Some Developer July 11, 2013 07:26AM

Re: HSTS and X-Frame-Options

Some Developer July 11, 2013 10:44AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 192
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready