privatebin/examples/02-extra-headers/headers.conf

# The X-Frame-Options header indicates whether a browser should be allowed
# to render a page within a frame or iframe.
add_header X-Frame-Options "SAMEORIGIN" always;

# MIME type sniffing security protection
# There are very few edge cases where you wouldn't want this enabled.
add_header X-Content-Type-Options "nosniff" always;

# The X-XSS-Protection header is used by Internet Explorer version 8+
# The header instructs IE to enable its inbuilt anti-cross-site scripting filter.
add_header X-XSS-Protection "1; mode=block" always;

# Prevent mobile network providers from modifying your site
#
# (!) If you are using `ngx_pagespeed`, please note that setting
# the `Cache-Control: no-transform` response header will prevent
# `PageSpeed` from rewriting `HTML` files, and, if
# `pagespeed DisableRewriteOnNoTransform off` is not used, also
# from rewriting other resources.
#
# https://developers.google.com/speed/pagespeed/module/configuration#notransform
add_header "Cache-Control" "no-transform";

# Force the latest IE version
add_header "X-UA-Compatible" "IE=Edge";
Add custom "hook folders" /etc/nginx/{server.d,location.d} 2017-03-29 17:40:24 +00:00			`# The X-Frame-Options header indicates whether a browser should be allowed`
			`# to render a page within a frame or iframe.`
			`add_header X-Frame-Options "SAMEORIGIN" always;`

			`# MIME type sniffing security protection`
			`# There are very few edge cases where you wouldn't want this enabled.`
			`add_header X-Content-Type-Options "nosniff" always;`

			`# The X-XSS-Protection header is used by Internet Explorer version 8+`
			`# The header instructs IE to enable its inbuilt anti-cross-site scripting filter.`
			`add_header X-XSS-Protection "1; mode=block" always;`

			`# Prevent mobile network providers from modifying your site`
			`#`
			# (!) If you are using `ngx_pagespeed`, please note that setting
			# the `Cache-Control: no-transform` response header will prevent
			# `PageSpeed` from rewriting `HTML` files, and, if
			# `pagespeed DisableRewriteOnNoTransform off` is not used, also
			`# from rewriting other resources.`
			`#`
			`# https://developers.google.com/speed/pagespeed/module/configuration#notransform`
			`add_header "Cache-Control" "no-transform";`

			`# Force the latest IE version`
			`add_header "X-UA-Compatible" "IE=Edge";`