
How to secure Web application headers with Nginx.

Have you ever wondered how secure your website/application headers are?
A good step to start is to scan the website:

https://securityheaders.com

After the scan, you can assess the problems. I will explain how to resolve those issues with Nginx. If you don't have HTTPS yet, Let's Encrypt is a good place to start: it is free, and CloudFlare has very good support for both.

Add a new configuration section in the nginx http block:

It is best to put it in its own file, such as security.conf in /etc/nginx/conf.d, so it can be modified later on.

Test the nginx configuration and reload!

Check https://securityheaders.com and test again.

NB: Be careful with Content-Security-Policy; it needs to be tailored to your site and its dependencies, otherwise the browser will block resources the site relies on.
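As an added example (not the configuration from the original post), here is a security.conf of the kind described above, assuming it lives in /etc/nginx/conf.d so it is included from the http block, and that the site already serves HTTPS:

```nginx
# /etc/nginx/conf.d/security.conf  (added example, assumed path from the post)
# Included from the http block. "always" makes nginx add the header on
# 4xx/5xx responses as well, not only on 2xx/3xx.
#
# Caveat: add_header is inherited by server/location blocks only if they
# declare no add_header of their own. A block that adds even one header
# silently drops all of these, so re-add them there or include this file.

# Tell browsers to use HTTPS only, for one year, on all subdomains.
# Enable only once every listed host works over HTTPS; browsers cache it.
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

# Stop browsers from MIME-sniffing a response away from its Content-Type.
add_header X-Content-Type-Options "nosniff" always;

# Refuse framing by other origins (clickjacking); frame-ancestors in the
# CSP below does the same for modern browsers.
add_header X-Frame-Options "SAMEORIGIN" always;

# Send only the origin on cross-origin navigation, nothing on an HTTPS->HTTP
# downgrade.
add_header Referrer-Policy "strict-origin-when-cross-origin" always;

# Opt out of browser features the site does not use.
add_header Permissions-Policy "camera=(), microphone=(), geolocation=()" always;

# Strict starting point: same-origin resources only, no inline scripts,
# no plugins. Every third-party script, style, font or CDN the site depends
# on must be added to the matching directive, otherwise it is blocked.
# Trial a new policy as Content-Security-Policy-Report-Only first.
add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self' data:; font-src 'self'; object-src 'none'; frame-ancestors 'self'; base-uri 'self'; form-action 'self'" always;

# Do not advertise the nginx version in the Server header and error pages.
server_tokens off;
```

Run nginx -t before reloading, then confirm the headers are actually emitted (for example with curl -sI against the site), since a server or location block with its own add_header will have dropped them.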

Are security headers enough? No. CloudFlare and Nginx security form an abstraction layer over the web application, which itself needs to be scanned and improved periodically to stay secure.