mirror of
https://github.com/spantaleev/matrix-docker-ansible-deploy.git
synced 2025-02-15 03:28:59 +01:00
0ccf0fbf1c
**HSTS Preloading:** In its strongest and recommended form, the [HSTS policy](https://www.chromium.org/hsts) includes all subdomains, and indicates a willingness to be “preloaded” into browsers: `Strict-Transport-Security: max-age=31536000; includeSubDomains; preload` **X-Xss-Protection:** `1; mode=block` which tells the browser to block the response if it detects an attack rather than sanitising the script.