mirror of
https://github.com/deuill/coreos-home-server.git
synced 2024-09-21 05:30:45 +00:00
nginx: Remove deprecated XSS protection block
This commit is contained in:
parent
3f5c0306ed
commit
b5b64eba5b
@ -58,15 +58,6 @@ add_header X-Content-Type-Options nosniff always;
|
||||
|
||||
add_header X-Frame-Options $x_frame_options always;
|
||||
|
||||
# Protect website reflected Cross-Site Scripting (XSS) attacks.
|
||||
#
|
||||
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
|
||||
# https://blogs.msdn.microsoft.com/ie/2008/07/02/ie8-security-part-iv-the-xss-filter/
|
||||
# https://blogs.msdn.microsoft.com/ieinternals/2011/01/31/controlling-the-xss-filter/
|
||||
# https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29
|
||||
|
||||
add_header X-XSS-Protection $x_xss_protection always;
|
||||
|
||||
# Block access to all hidden files and directories except for the
|
||||
# visible content from within the `/.well-known/` hidden directory.
|
||||
#
|
||||
|
Loading…
Reference in New Issue
Block a user