matrix-docker-ansible-deploy/roles/matrix-nginx-proxy/templates/nginx/conf.d
sakkiii 0ccf0fbf1c HSTS preload + X-XSS enables
**HSTS Preloading:**
In its strongest and recommended form, the [HSTS policy](https://www.chromium.org/hsts) includes all subdomains, and indicates a willingness to be “preloaded” into browsers:
`Strict-Transport-Security: max-age=31536000; includeSubDomains; preload`

**X-Xss-Protection:**
`1; mode=block` which tells the browser to block the response if it detects an attack rather than sanitising the script.
2021-04-24 12:12:34 +05:30
..
matrix-base-domain.conf.j2 Get matrix-corporal to play nicely with a Synapse worker setup 2021-01-25 09:46:41 +02:00
matrix-bot-go-neb.conf.j2 HSTS preload + X-XSS enables 2021-04-24 12:12:34 +05:30
matrix-client-element.conf.j2 Element More security headers 2021-04-24 11:10:40 +05:30
matrix-dimension.conf.j2 HSTS preload + X-XSS enables 2021-04-24 12:12:34 +05:30
matrix-domain.conf.j2 Set X-Forwarded-Proto on federation requests 2021-03-17 18:51:10 -05:00
matrix-grafana.conf.j2 Improve security grafana 2021-04-17 21:03:05 +05:30
matrix-jitsi.conf.j2 HSTS preload + X-XSS enables 2021-04-24 12:12:34 +05:30
matrix-riot-web.conf.j2 Remove useless quotes around ssl_ciphers value 2021-01-08 21:22:44 +02:00
matrix-sygnal.conf.j2 HSTS preload + X-XSS enables 2021-04-24 12:12:34 +05:30
matrix-synapse.conf.j2 Do not overwrite X-Forwarded-For when reverse-proxying to Synapse 2021-03-08 17:24:09 +02:00
nginx-http.conf.j2 Riot is now Element 2020-07-17 11:31:20 +03:00