authorSilvio Rhatto <rhatto@riseup.net>2019-01-24 15:04:39 -0200
committerSilvio Rhatto <rhatto@riseup.net>2019-01-24 15:04:39 -0200
commite60fa624d120620f7ac3c8c8a88dff76811c6376 (patch)
tree75abcf558c231dfe75e68b560beff734c0923e42
parent2f89f6dfefd61bdab5e95a62d004a093e65bf136 (diff)
downloadpuppet-nginx-e60fa624d120620f7ac3c8c8a88dff76811c6376.tar.gz
puppet-nginx-e60fa624d120620f7ac3c8c8a88dff76811c6376.tar.bz2
Some clickjacking protections
-rw-r--r--templates/site-ssl.erb5
1 files changed, 5 insertions, 0 deletions
diff --git a/templates/site-ssl.erb b/templates/site-ssl.erb
index a370bc7..5b9ce04 100644
--- a/templates/site-ssl.erb
+++ b/templates/site-ssl.erb
@@ -12,6 +12,11 @@ server {
# enable HSTS header
add_header Strict-Transport-Security "max-age=15768000; includeSubdomains; preload";
+ # clickjacking protection
+ add_header X-Content-Type-Options nosniff;
+ add_header X-XSS-Protection "1; mode=block";
+ add_header X-Frame-Options DENY;
+
location / {
# preserve http header and set forwarded proto
proxy_set_header Host $http_host;
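Review bot: The three added `add_header` lines are emitted only on 2xx/3xx responses, so error pages from this server block go out without them; adding the `always` parameter, e.g. `add_header X-Frame-Options DENY always;` (and likewise for the other two), covers those responses on nginx versions that support it. nginx also inherits server-level `add_header` directives into a location only when that location declares none of its own, and the `location /` body continues outside this hunk, so it is worth confirming that no location in this template adds a header and silently drops these along with HSTS. The comment `# clickjacking protection` describes only `X-Frame-Options`; something like `# security headers: MIME sniffing, legacy XSS filter, clickjacking` would match what the lines do. `DENY` is hard-coded in a shared template, so a site that legitimately frames itself would need a template parameter, and `Content-Security-Policy` with `frame-ancestors` is the current-standard equivalent to consider alongside it.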