From 790066c99d1c82438d68ef18fd88149b9bde64da Mon Sep 17 00:00:00 2001
From: wj25czxj47bu6q <96372288+wj25czxj47bu6q@users.noreply.github.com>
Date: Sun, 3 Sep 2023 13:57:00 +0000
Subject: [PATCH] Add missing headers.conf

Signed-off-by: wj25czxj47bu6q <96372288+wj25czxj47bu6q@users.noreply.github.com>
---
 etc/nginx/headers.conf | 8 ++++++++
 1 file changed, 8 insertions(+)
 create mode 100644 etc/nginx/headers.conf

diff --git a/etc/nginx/headers.conf b/etc/nginx/headers.conf
new file mode 100644
index 0000000..e4ec5ea
--- /dev/null
+++ b/etc/nginx/headers.conf
@@ -0,0 +1,8 @@
+add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
+add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), clipboard-read=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), magnetometer=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), sync-xhr=(), xr-spatial-tracking=()";
+add_header Referrer-Policy "same-origin" always;
+add_header X-Content-Type-Options "nosniff" always;
+add_header X-Frame-Options "SAMEORIGIN" always;
+add_header X-XSS-Protection "0" always;
+add_header Cross-Origin-Resource-Policy cross-origin;
+add_header Cross-Origin-Opener-Policy same-origin;