Need to migrate your e-mails to a new server? Free and paid versions of our online tool available.
Hero Image

Nginx Security Headers on OpenBSD 7.5

nginx openbsd nginx

Nginx Security Headers on OpenBSD 7.5

Create /etc/nginx/snippets/security-headers.conf

add_header X-Frame-Options            "SAMEORIGIN"                                 always;
add_header X-Content-Type-Options     "nosniff"                                    always;
add_header X-XSS-Protection           "1; mode=block"                              always;
add_header Strict-Transport-Security  "max-age=63072000; includeSubDomains; preload" always;
add_header Referrer-Policy            "strict-origin-when-cross-origin"            always;
add_header Permissions-Policy         "geolocation=(), microphone=(), camera=()"   always;
add_header Content-Security-Policy    "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline';" always;

Include in server block

server {
    listen 443 ssl http2;
    server_name example.com;
    include snippets/security-headers.conf;
    ...
}

Test and reload

nginx -t && systemctl reload nginx 2>/dev/null || nginx -t && rcctl reload nginx

Verify

curl -sI https://example.com | grep -E 'X-Frame|X-Content|Strict|CSP'
Previous Post Next Post