Commit e34829c

mo khan <mo@mokhan.ca>
2015-06-28 04:15:19
enable hsts and disable loading site in iframe.
1 parent 86041a1
Changed files (1)
templates
templates/default/nginx_unix.erb
@@ -30,6 +30,12 @@ server {
   error_log /var/log/nginx/<%= @domain %>.error.log;
   access_log /var/log/nginx/<%= @domain %>.access.log;
 
+  # enable HTST
+  add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
+
+  # disable loading in an iframe
+  add_header X-Frame-Options "DENY";
+
   if ($http_user_agent ~* (wget|easouspider|ahrefsbot|httrack|htmlparser|libwww) ) {
     return 403;
   }
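Review bot: Both added `add_header` lines lack the `always` parameter, so nginx attaches them only to a fixed set of success and redirect status codes, and the `return 403` just below, like any other error response, goes out without either header. Consider `add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload" always;` and `add_header X-Frame-Options "DENY" always;` (`always` requires nginx 1.7.5 or later). nginx also inherits server-level `add_header` directives only into locations that declare no `add_header` of their own, so any location outside this hunk that sets a header would drop both; the server block starts and ends outside the hunk, so that is worth checking. Because the template is rendered per `@domain`, `includeSubdomains; preload` with a two-year max-age commits every subdomain of each rendered domain to HTTPS and is slow to undo once preloaded, so it may be safer to make those flags a node attribute, and browsers ignore the header on plain-HTTP responses if this block also listens on port 80. The comment should read `# enable HSTS`.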