add xss protection header (#45)

TACC · Jan 5, 2024 · ed18918 · ed18918
1 parent 1de9c55
commit ed18918
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/conf/nginx/templates/default.conf.template b/conf/nginx/templates/default.conf.template
@@ -45,6 +45,7 @@ server {
     add_header Strict-Transport-Security "max-age=2592000; includeSubDomains" always;
     add_header X-Content-Type-Options "nosniff" always;
     add_header Content-Security-Policy "connect-src 'self' ws: wss: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.tacc.utexas.edu" always;
+    add_header X-XSS-Protection "1; mode=block" always;
 
     location /media  {
         alias /var/www/portal/cms/media;