CSEC_PUBLIC/the-practical-linux-hardening-guide
1
0
Fork 0
mirror of https://github.com/trimstray/the-practical-linux-hardening-guide.git synced 2025-12-07 01:32:53 +01:00
Code Issues Packages Projects Releases Wiki Activity

Formating

Browse Source 
- signed-off-by: ajvn <ivans@vaskir.co>
This commit is contained in:
ajvn
2019-01-31 22:07:46 +01:00
parent 12e00f0a8e
commit b2f7d697a4
1 changed files with 4 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
README.md
View File

@@ -863,20 +863,19 @@ ssl_dhparam /etc/nginx/ssl/dhparam.pem;
#### :eight_pointed_black_star: Security related headers #### :eight_pointed_black_star: Security related headers
<u>Cross-site scripting (XSS) protection</u>: _Cross-site scripting (XSS) protection:_
Helps with preventing XSS attacks, it's enabling cross-site scripting filter built into modern browsers. Helps with preventing XSS attacks, it's enabling cross-site scripting filter built into modern browsers.
`add_header x-xss-protection "1; mode=block" always;` `add_header x-xss-protection "1; mode=block" always;`
<u>X-Frame-Options:</u> _X-Frame-Options:_
Prevents iframe loading from different websites: Prevents iframe loading from different websites:
`add_header x-frame-options "SAMEORIGIN" always;` `add_header x-frame-options "SAMEORIGIN" always;`
<u>X-Content-Type-Options</u>: _X-Content-Type-Options:_
It helps reducing drive-by downloads: It helps reducing drive-by downloads:
`add_header X-Content-Type-Options "nosniff" always;` `add_header X-Content-Type-Options "nosniff" always;`
_HTTP Strict Transport Security (HSTS):_
<u>HTTP Strict Transport Security (HSTS):</u>
When a browser sees this header from an HTTPS website, it “learns” that this domain must only be accessed using HTTPS (SSL or TLS). It caches this information for the max-age period (typically 31,536,000 seconds, equal to about 1 year). When a browser sees this header from an HTTPS website, it “learns” that this domain must only be accessed using HTTPS (SSL or TLS). It caches this information for the max-age period (typically 31,536,000 seconds, equal to about 1 year).
`add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;` `add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;`