From 918343865ef245ba8f32c4ae44587629878ea4b2 Mon Sep 17 00:00:00 2001
From: apoc4lyps <10954235+apoc4lyps@users.noreply.github.com>
Date: Mon, 28 May 2018 12:28:23 +0200
Subject: [PATCH] hardening http headers
---
 data/conf/nginx/site.conf | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/data/conf/nginx/site.conf b/data/conf/nginx/site.conf
index e339fdf93..5519d7697 100644
--- a/data/conf/nginx/site.conf
+++ b/data/conf/nginx/site.conf
@@ -35,7 +35,9 @@ server {
 add_header X-XSS-Protection "1; mode=block";
 add_header X-Robots-Tag none;
 add_header X-Download-Options noopen;
+ add_header X-Frame-Options "SAMEORIGIN" always;
 add_header X-Permitted-Cross-Domain-Policies none;
+ add_header Referrer-Policy no-referrer-when-downgrade;
 index index.php index.html;
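Review bot: The added `Referrer-Policy no-referrer-when-downgrade` line only pins what browsers already did by default at the time, so the full URL (path and query string) is still sent as the referrer to any cross-origin HTTPS destination; a stricter value such as `add_header Referrer-Policy "strict-origin-when-cross-origin" always;` (or `same-origin`) would actually limit that leak. The new line also omits `always`, unlike the X-Frame-Options line added just above it, so nginx will not emit it on 4xx/5xx responses. Because nginx inherits server-level `add_header` directives only into a `location` that defines none of its own, it is worth confirming that no `location` block in site.conf (not visible in this hunk) sets its own `add_header`, otherwise these headers will be missing there. The `server` block begins and continues outside the hunk.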