From 1cbd223eee2390574c8e106a80ebe46587745418 Mon Sep 17 00:00:00 2001
From: Daniel Micay
Date: Fri, 18 Jun 2021 05:34:44 -0400
Subject: [PATCH] mark obsolete X-Frame-Options header as such
---
 nginx/nginx.conf | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/nginx/nginx.conf b/nginx/nginx.conf
index 053ae94..f3534be 100644
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@@ -90,6 +90,7 @@ http {
 include snippets/security-headers.conf;
 add_header Content-Security-Policy "frame-ancestors 'none'; block-all-mixed-content";
+ # obsolete and replaced with Content-Security-Policy frame-ancestors 'none'
 add_header X-Frame-Options "DENY";
 location = / {
@@ -101,6 +102,7 @@ http {
 proxy_hide_header X-Frame-Options;
 include snippets/security-headers.conf;
 add_header Content-Security-Policy "frame-ancestors 'none'; block-all-mixed-content";
+ # obsolete and replaced with Content-Security-Policy frame-ancestors 'none'
 add_header X-Frame-Options "DENY";
 add_header X-Robots-Tag "none";
@@ -128,6 +130,7 @@ http {
 include snippets/security-headers.conf;
 add_header Content-Security-Policy "frame-ancestors 'self'; block-all-mixed-content";
+ # obsolete and replaced with Content-Security-Policy frame-ancestors 'self'
 add_header X-Frame-Options "SAMEORIGIN";
 add_header X-Robots-Tag "none";
 }
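Review bot: The comment added above `add_header X-Frame-Options "DENY";` in the first hunk (and the matching comments in the second and third hunks) says the header is obsolete but not why it is still sent, so a later cleanup could remove it without knowing what it was for. I would state the reason and the removal condition in the comment, for example `# obsolete, superseded by CSP frame-ancestors 'none'; kept only for clients without frame-ancestors support`. That reason is presumably the intent but is not stated anywhere in the diff, so confirm it before wording the comment that way. The enclosing blocks start and end outside the hunks.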
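Review bot: In the second hunk, `proxy_hide_header X-Frame-Options;` strips the upstream's header while the two visible `add_header` lines omit the `always` parameter, and nginx then attaches them only to the success and redirect status codes listed in its documentation. A proxied 4xx or 5xx response from this location would therefore carry neither `X-Frame-Options` nor `frame-ancestors`. If that is not intended, the lines would become `add_header X-Frame-Options "DENY" always;` and likewise for the Content-Security-Policy line. The location block starts outside the hunk and the contents of `snippets/security-headers.conf` are not shown, so error responses may already be covered elsewhere.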