From d5ed786d2a4fc5fa3dd10d697fa16bdae4bba7b0 Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Mon, 17 Oct 2022 22:27:09 -0400 Subject: [PATCH] add minimal Permissions Policy as a starting point --- nginx/snippets/security-headers.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/nginx/snippets/security-headers.conf b/nginx/snippets/security-headers.conf index 452cb06..8420460 100644 --- a/nginx/snippets/security-headers.conf +++ b/nginx/snippets/security-headers.conf @@ -4,6 +4,7 @@ add_header Referrer-Policy "no-referrer" always; add_header Cross-Origin-Opener-Policy "same-origin" always; add_header Cross-Origin-Embedder-Policy "require-corp" always; add_header Origin-Agent-Cluster "?1" always; +add_header Permissions-Policy "interest-cohort=()" always; # obsolete, unsafe and replaced with strong Content-Security-Policy add_header X-XSS-Protection "0" always;