0ccf0fbf1c
**HSTS Preloading:** In its strongest and recommended form, the [HSTS policy](https://www.chromium.org/hsts) includes all subdomains, and indicates a willingness to be “preloaded” into browsers: `Strict-Transport-Security: max-age=31536000; includeSubDomains; preload` **X-Xss-Protection:** `1; mode=block` which tells the browser to block the response if it detects an attack rather than sanitising the script. |
||
|---|---|---|
| .. | ||
| conf.d | ||
| matrix-synapse-metrics-htpasswd.j2 | ||
| nginx.conf.j2 | ||