How to secure Web application headers with Nginx.

Have you ever wondered how secure your website/application headers are?
A good first step is to scan the website:

https://securityheaders.com

After the scan, you can assess the problems. I will explain how to resolve those issues with “Nginx”. If you don’t have HTTPS yet, Let’s Encrypt is a good place to start: it’s free, and CloudFlare has very good support for both.

Add a new configuration section in the nginx http context:

It is best to put it in a separate file such as security.conf in /etc/nginx/conf.d, which can be modified later on.

Test nginx configuration & reload!

Check https://securityheaders.com & test again…

NB: Be careful with Content-Security-Policy; it needs to be adapted to your site and its dependencies.
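The steps above, as an added worked example that is not the post’s own configuration: a shell script that writes a security.conf into /etc/nginx/conf.d, validates and reloads nginx, and checks the headers a server actually returns (the same check securityheaders.com performs, done locally with curl). The header values, the SECURITY_CONF path and the function names are assumptions; the Content-Security-Policy in particular is only a starting point and must be adapted to your site.

```shell
# Added example, not the original post's configuration. Writes the
# security.conf described above, validates and reloads nginx, then checks
# the headers a server really sends. Paths, header values and function
# names are assumptions; the CSP is only a starting point.

SECURITY_CONF="${SECURITY_CONF:-/etc/nginx/conf.d/security.conf}"

# Step 1: write the header directives. The "always" flag makes nginx add
# them to error responses too; without it add_header only applies to
# 2xx/3xx responses. Note that add_header directives in a server{} or
# location{} block replace (not extend) those inherited from http{}, so
# any block that sets its own add_header must repeat or include these.
write_security_conf() {
    cat > "$1" <<'EOF'
# Security headers for the http{} context (assumed example values).
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Permissions-Policy "camera=(), microphone=(), geolocation=()" always;
# Content-Security-Policy depends on where scripts, styles and images are
# loaded from. 'self' alone breaks sites that use CDNs or inline scripts;
# widen it per source as the browser console reports violations.
add_header Content-Security-Policy "default-src 'self'; frame-ancestors 'self'" always;
# Do not advertise the nginx version in the Server header.
server_tokens off;
EOF
}

# Step 2: validate before reloading so a typo cannot take the site down.
test_and_reload() {
    nginx -t && nginx -s reload
}

# Step 3: verify the live response. Reads raw response headers on stdin
# (e.g. `curl -sI https://example.com | check_headers`), prints the name of
# every expected header that is missing, and returns 0 only if none are.
check_headers() {
    hdrs=$(tr 'A-Z' 'a-z')
    missing=0
    for h in strict-transport-security x-frame-options x-content-type-options \
             referrer-policy permissions-policy content-security-policy; do
        if ! printf '%s\n' "$hdrs" | grep -q "^$h:"; then
            echo "missing: $h"
            missing=$((missing + 1))
        fi
    done
    [ "$missing" -eq 0 ]
}

# Run as `sh security.sh apply` to install, test and reload on a server;
# with no argument the script only defines the functions.
if [ "${1:-}" = "apply" ]; then
    write_security_conf "$SECURITY_CONF"
    test_and_reload
fi
```

The `includeSubDomains` flag on Strict-Transport-Security commits every subdomain to HTTPS for a year, so verify that all of them actually serve TLS before enabling it; the same goes for the CSP, which is why `check_headers` only reports presence, not whether a policy is right for your application.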

Are security headers enough? That’s a NO… CloudFlare & Nginx security are an additional layer over the web application, which still needs to be scanned and improved periodically to keep it secure.


Gabriel Ajabahian
Software Engineer Freelance
I am a Freelance consultant, I’m passionate about creating dynamic applications. With 10+ years technical experience as well as working on major application systems for top down. I have extensive software engineering experience, recently I focus on Scala/Java and JavaScript. On the other hand, I have experience with C# and .net framework/core. I focus on integrating applications that are built against different frameworks and can run on different platforms. Scalability, efficiency and performance are key topics for any software, that’s why I keep track of the newest technologies, I never underestimate the power of the cloud, that’s why I do believe in using this power with “edge applications” to expand software and solutions to a new level. Being a software engineer who understands the business as well as my team, looking at things from different perspectives. Being open and honest and investing in relationships makes a big difference. Specialties: Software development, Scrum/Agile, Process and Problem management.