Setting headers
Paul
paul at stormy.ca
Mon May 11 15:44:57 UTC 2026
I'm looking for some advice. Using nginx/1.18.0 (Ubuntu) in production
(~400k+ connections/day) across multiple domains (some nginx =>
apache2), I am considering for top-level server block the following:
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options nosniff;
add_header 'Referrer-Policy' 'origin';
I have no other "header' directives except for multiple "proxy_set_header"
Are there any pitfalls or caveats? And is the code above correct as I
have noticed double quotes, single quotes and nosniff not quoted?
Thanks in advance,
Paul
More information about the nginx
mailing list