From 51b61fb2d8efa57a47ea8993d8a02f243e0e898c Mon Sep 17 00:00:00 2001 From: Marco Kundt Date: Wed, 23 Jun 2021 21:18:49 +0200 Subject: [PATCH] Minor Nginx tweaks Because of privacy concerns it's desirable to disable referrer, FLoC and Cloudflare as resolver. --- nginx/conf.d/default.conf | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/nginx/conf.d/default.conf b/nginx/conf.d/default.conf index be9e4eb..d24a624 100644 --- a/nginx/conf.d/default.conf +++ b/nginx/conf.d/default.conf @@ -61,7 +61,7 @@ server { # OCSP stapling ssl_stapling on; ssl_stapling_verify on; - resolver 1.1.1.1; + #resolver 1.1.1.1; # verify chain of trust of OCSP response using Root CA and Intermediate certs #ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt; @@ -72,8 +72,9 @@ server { add_header X-Frame-Options "SAMEORIGIN" always; add_header X-XSS-Protection "1; mode=block" always; add_header X-Content-Type-Options "nosniff" always; - add_header Referrer-Policy "strict-origin-when-cross-origin" always; + add_header Referrer-Policy no-referrer; add_header Strict-Transport-Security "max-age=63072000" always; + add_header Permissions-Policy "interest-cohort=()"; ## locations # ACME-challenge