NGINX hederi

server_tokens off;
add_header X-Frame-Options "DENY";
add_header X-Content-Type-Options "nosniff";
add_header X-XSS-Protection "1; mode=block";
# add_header Content-Security_Policy "default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; ba$
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
add_header Referrer-Policy "strict-origin-when-cross-origin";
proxy_cookie_path / "/; HTTPOnly; Secure;SameSite=none";

Lai uzģenerētu kodu priekš integrity parametra ismanto šo komandu

curl -s <URL> | \
openssl dgst -sha384 -binary | \
openssl base64 -A

Šeit var palasīt vairāk par hederiem