add minimal Permissions Policy as a starting point

2024-12-18 12:24:37 -05:00 · 2022-10-17 22:27:09 -04:00 · 2022-10-17 22:27:09 -04:00 · d5ed786d2a
commit d5ed786d2a
parent 4f1aa5bceb
1 changed files with 1 additions and 0 deletions
--- a/nginx/snippets/security-headers.conf
+++ b/nginx/snippets/security-headers.conf
@ -4,6 +4,7 @@ add_header Referrer-Policy "no-referrer" always;
 add_header Cross-Origin-Opener-Policy "same-origin" always;
 add_header Cross-Origin-Embedder-Policy "require-corp" always;
 add_header Origin-Agent-Cluster "?1" always;
+add_header Permissions-Policy "interest-cohort=()" always;

 # obsolete, unsafe and replaced with strong Content-Security-Policy
 add_header X-XSS-Protection "0" always;