After adding HSTS and Xframe policies it's still not showing up in the browser. (NGINX)

Tra

8/6/23, 7:03 AM

I am using docker to run a react app with Nginx not sure why it's not implementing the headers I added.

    http{
include /etc/nginx/mime.types;
default_type  application/octet-stream;
client_max_body_size 999M;
access_log /dev/stdout;
error_log /dev/stderr;
sendfile        on;
keepalive_timeout  65;

        include /etc/nginx/conf.d/*.conf;
        server_names_hash_bucket_size 64;
        server_tokens off;
            add_header Strict-Transport-Security "max-age=31536000; includeSubDomains;preload" always;
            add_header X-Frame-Options DENY;
            add_header X-Content-Type-Options nosniff;
            add_header Content-Security-Policy "default-src 'self' www.google-analytics.comajax.googleapis.com www.google.com google.com gstatic.com www.gstatic.com connectfacebook.net facebook.com;";
            add_header X-XSS-Protection "1; mode=block" always;
            add_header Referrer-Policy "origin";
    }

When I deployed the above it didn't work so I tried adding the same thing below

server {
    server_tokens off;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains;preload" always;
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;
    add_header Content-Security-Policy "default-src 'self' www.google-analytics.comajax.googleapis.com www.google.com google.com gstatic.com www.gstatic.com connectfacebook.net facebook.com;";
    add_header X-XSS-Protection "1; mode=block" always;
    add_header Referrer-Policy "origin";
}

Again no good and then I tried deploying with both at the same time still no good.

I'm new to Nginx so not sure what the issue is, any help is appreciated. Thanks!

0 + 0

nginx

http-headers

docker

hsts

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: After adding HSTS and Xframe policies it's still not showing up in the browser. (NGINX)

TH: หลังจากเพิ่มนโยบาย HSTS และ Xframe แล้ว ก็ยังไม่ปรากฏในเบราว์เซอร์ (NGINX)

RO: După adăugarea politicilor HSTS și Xframe, încă nu apare în browser. (NGINX)

RU: После добавления политик HSTS и Xframe он по-прежнему не отображается в браузере. (НГИНКС)

VI: Sau khi thêm các chính sách HSTS và Xframe, nó vẫn không hiển thị trong trình duyệt. (NGINX)

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.