- fastcgi_hide_header X-Powered-By;
- fastcgi_hide_header X-Runtime;
- fastcgi_hide_header X-Version;
- add_header X-Frame-Options SAMEORIGIN;
- add_header X-Content-Type-Options nosniff;
- add_header Content-Security-Policy "upgrade-insecure-requests";
- add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
|
