Security Header

Nginx

add_header Content-Security-Policy "default-src 'self';";

Apache

<IfModule mod_headers.c>
    Header set Content-Security-Policy "default-src 'self';"
</IfModule>

Nginx

add_header Content-Security-Policy "default-src 'self';";

Apache

<IfModule mod_headers.c>
    Header set X-Content-Type-Options "nosniff"
</IfModule>

Nginx

add_header X-Frame-Options "DENY";

Apache

<IfModule mod_headers.c>
    Header set X-Frame-Options "DENY"
</IfModule>

Nginx

add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

Apache

<IfModule mod_headers.c>
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
</IfModule>

Nginx

add_header X-XSS-Protection "1; mode=block";

Apache

<IfModule mod_headers.c>
    Header set X-XSS-Protection "1; mode=block"
</IfModule>

Nginx and Apache configuration file locations:

Nginx: Configuration files are usually located in the /etc/nginx/nginx.confor /etc/nginx/conf.d/directory.
Apache: Configuration files are usually /etc/httpd/conf/httpd.conf(CentOS/RHEL) or /etc/apache2/apache2.conf(Debian/Ubuntu).

After modifying the configuration file, you must restart the web server for the changes to take effect.

Nginx Restart:

sudo systemctl restart nginx

Apache Restart:

sudo systemctl restart httpd  # CentOS/RHEL
sudo systemctl restart apache2  # Debian/Ubuntu

Last updated 1 year ago