From e60fa624d120620f7ac3c8c8a88dff76811c6376 Mon Sep 17 00:00:00 2001
From: Silvio Rhatto <rhatto@riseup.net>
Date: Thu, 24 Jan 2019 15:04:39 -0200
Subject: Some clickjacking protections

---
 templates/site-ssl.erb | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/templates/site-ssl.erb b/templates/site-ssl.erb
index a370bc7..5b9ce04 100644
--- a/templates/site-ssl.erb
+++ b/templates/site-ssl.erb
@@ -12,6 +12,11 @@ server {
   # enable HSTS header
   add_header Strict-Transport-Security "max-age=15768000; includeSubdomains; preload";
 
+  # clickjacking protection
+  add_header X-Content-Type-Options nosniff;
+  add_header X-XSS-Protection "1; mode=block";
+  add_header X-Frame-Options DENY;
+
   location / {
     # preserve http header and set forwarded proto
     proxy_set_header Host $http_host;
-- 
cgit v1.2.3