MAGETWO-41913: Add no-sniff headers/xss protection to server config files

aef44afb · Dale Sikkema · 444e252d · aef44afb · aef44afb
Commit aef44afb authored 9 years ago by Dale Sikkema
--- a/.htaccess
+++ b/.htaccess
@@ -182,3 +182,10 @@
 ## http://developer.yahoo.com/performance/rules.html#etags
    #FileETag none
+############################################
+## Add custom headers
+<IfModule mod_headers.c>
+    Header set X-Content-Type-Options: nosniff
+    Header set X-XSS-Protection: '1; mode=block'
+</IfModule>
--- a/nginx.conf.sample
+++ b/nginx.conf.sample
@@ -24,6 +24,9 @@ index index.php;
 autoindex off;
 charset off;
+add_header 'X-Content-Type-Options' 'nosniff';
+add_header 'X-XSS-Protection' '1; mode=block';
 location /setup {
    root $MAGE_ROOT;