From 0bdc2fc68cab58efc27cf52f2471f4699c5c2e4b Mon Sep 17 00:00:00 2001 From: toufic ar Date: Tue, 10 Mar 2026 10:08:00 +0200 Subject: [PATCH] nginx set x-frame-options to sameorigin --- config/http/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/http/default.nix b/config/http/default.nix index 7e69e71..c82e7a1 100644 --- a/config/http/default.nix +++ b/config/http/default.nix @@ -38,7 +38,7 @@ in { more_set_headers 'Strict-Transport-Security: $hsts_header'; more_set_headers 'Content-Security-Policy: upgrade-insecure-requests'; more_set_headers 'Referrer-Policy: origin-when-cross-origin'; - more_set_headers 'X-Frame-Options: DENY'; + more_set_headers 'X-Frame-Options: SAMEORIGIN'; more_set_headers 'X-Content-Type-Options: nosniff'; more_set_headers 'X-XSS-Protection: 0'; '';