ambroisemaupate / security.conf
Last active March 10, 2025 08:21
Nginx CSP example
# Do not allow the browser to render the page inside a frame or iframe,
# to avoid clickjacking.
# If you need to allow [i]frames, you can use SAMEORIGIN or even set a URI with ALLOW-FROM uri
add_header X-Frame-Options SAMEORIGIN;
# When serving user-supplied content, include an X-Content-Type-Options: nosniff header along with the Content-Type: header,
# to disable content-type sniffing on some browsers.
# Currently supported in IE > 8