16 lines
1.1 KiB
Plaintext
16 lines
1.1 KiB
Plaintext
# Drupal Configuration
|
|
|
|
# Drupal sets X-Frame-Options and X-Content-Type-Options by itself.
|
|
# If you are not using a reverse proxy and just serve the files by NGINX itself, use this configuration.
|
|
|
|
# We do not set clipboard-write() here, because it is very commonly used
|
|
proxy_hide_header Strict-Transport-Security;
|
|
add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), bluetooth=(), browsing-topics=(), camera=(), clipboard-read=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), speaker-selection=(), sync-xhr=(), usb=(), xr-spatial-tracking=()" always;
|
|
|
|
proxy_hide_header Permissions-Policy;
|
|
add_header Referrer-Policy "same-origin" always;
|
|
|
|
# Obsolete and replaced by Content-Security-Policy
|
|
# Only here to pass Hardenize checks
|
|
proxy_hide_header X-XSS-Protection;
|
|
add_header X-XSS-Protection "0" always; |