mirror of
https://github.com/d0zingcat/ghost-docker.git
synced 2026-05-21 07:26:51 +00:00
ceac2ed1c2
- Our setup docs recommend having Ghost Admin on a separate domain from the content domain - This lets users optionally set this up if they want whilst continuing to align Admin <-> content domain through templates
13 lines
308 B
Plaintext
13 lines
308 B
Plaintext
header {
|
|
# Enable HSTS
|
|
Strict-Transport-Security max-age=31536000;
|
|
# Prevent embedding in frames
|
|
X-Frame-Options DENY
|
|
# Enable XSS protection
|
|
X-XSS-Protection "1; mode=block"
|
|
# Prevent MIME sniffing
|
|
X-Content-Type-Options nosniff
|
|
# Referrer policy
|
|
Referrer-Policy strict-origin-when-cross-origin
|
|
}
|