5 lines
284 B
Text
5 lines
284 B
Text
# Keep legacy browser-era headers out of the default security baseline. They are
|
|
# still occasionally requested by enterprise scanners, but modern browsers
|
|
# rarely depend on them.
|
|
add_header X-Download-Options noopen always;
|
|
add_header X-Permitted-Cross-Domain-Policies none always;
|