From f80c334e6cbb207616ec3234a56c51b4f84b19e2 Mon Sep 17 00:00:00 2001
From: ingalls <nick@ingalls.ca>
Date: Tue, 10 Sep 2024 09:55:05 -0600
Subject: [PATCH] Add additional headers

---
 api/nginx.conf | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/api/nginx.conf b/api/nginx.conf
index 8b27ed26b..b9483981f 100644
--- a/api/nginx.conf
+++ b/api/nginx.conf
@@ -26,7 +26,11 @@ http {
         server_tokens off;
 
         add_header X-Content-Type-Options nosniff;
+        add_header X-Frame-Options DENY always;
         add_header Referrer-Policy strict-origin-when-cross-origin;
+        add_header Strict-Transport-Security max-age=31536000; includeSubDomains; preload
+        add_header Permissions-Policy fullscreen=(self), geolocation=(self), clipboard-read=(self), clipboard-write=(self)
+        add_header Content-Security-Policy default-src 'self'; upgrade-insecure-requests;
 
         location / {
             if ($request_uri ~ ^/(.*)\.html) {