From aceeb96d0cd570be0b0b09545f873f9d2c5fe7ce Mon Sep 17 00:00:00 2001
From: Tommy
Date: Thu, 13 Jan 2022 03:42:41 -0500
Subject: [PATCH] Update security headers

Update security headers according to recommendations by hardenize.com
---
 install.sh | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/install.sh b/install.sh
index e6ef706..1c08faa 100644
--- a/install.sh
+++ b/install.sh
@@ -515,9 +515,9 @@ server {
 ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
 ssl_prefer_server_ciphers on;
- add_header Strict-Transport-Security "max-age=15768000; preload;";
+ add_header Strict-Transport-Security "max-age=15768000; includeSubdomains; preload;";
 add_header X-Content-Type-Options nosniff;
- add_header X-XSS-Protection "1; mode=block";
+ add_header X-XSS-Protection "0";
 add_header X-Robots-Tag none;
 add_header Content-Security-Policy "frame-ancestors 'self'";
 add_header X-Frame-Options DENY;
@@ -583,9 +583,9 @@ server {
 ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
 ssl_prefer_server_ciphers on;
- add_header Strict-Transport-Security "max-age=15768000; preload;";
+ add_header Strict-Transport-Security "max-age=15768000; includeSubdomains; preload;";
 add_header X-Content-Type-Options nosniff;
- add_header X-XSS-Protection "1; mode=block";
+ add_header X-XSS-Protection "0";
 add_header X-Robots-Tag none;
 add_header Content-Security-Policy "frame-ancestors 'self'";
 add_header X-Frame-Options DENY;
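Review bot: The new Strict-Transport-Security value in both hunks (the `server` blocks at 515 and 583) adds `includeSubdomains` next to `preload` but keeps `max-age=15768000`, roughly six months; the browser preload list asks for at least one year, so the header still does not meet the requirement that `preload` signals. `includeSubdomains` is also written unconditionally by the installer, so every subdomain of the operator's domain is pinned to HTTPS for the whole max-age, including hosts this script does not manage; that deserves an installer prompt or at least a comment above the line. If preloading is the intent, the line would read `add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;`, where `always` also makes nginx send the header on error responses. Both `server` blocks start and end outside the hunks, so whether a `location`-level `add_header` overrides these headers cannot be checked from here.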