location / {
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection 1;
add_header Content-Security-Policy "default-src 'self'; style-src * 'unsafe-inline'; img-src * data:; object-src 'self'; script-src * 'unsafe-eval' 'unsafe-inline'; font-src * data:; worker-src * blob:;";
add_header X-Permitted-Cross-Domain-Policies value;
add_header X-Download-Options value;
add_header X-Frame-Options SAMEORIGIN;
}
来源:https://blog.51cto.com/jiangxl/5283876