# Advertise HTTP/3 availability
add_header Alt-Svc 'h3=":443"; ma=86400' always;
- client_max_body_size 50m;
-
# HSTS
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
ssl_trusted_certificate /etc/ssl/private/ca-certs.pem;
#ssl_stapling on;
#ssl_stapling_verify on;
+ # Other headers
+ add_header X-Frame-Options "SAMEORIGIN" always; # Prevent clickjacking & iframe embedding
+ add_header X-XSS-Protection "1; mode=block" always; # Legacy protection
+ add_header X-Content-Type-Options "nosniff" always; # Prevent MIME-type sniffing
+ # CSP policy (prevents XSS attacks)
+ add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'" always;
+
+ client_max_body_size 50m;
+ add_header X-Request-Time $request_time always;
+
# Services Map (Homepage)
root /var/www;
index homepage.html;
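Review bot: The added Content-Security-Policy allows `'unsafe-inline'` in `script-src`, so it does not stop injected inline scripts and the comment `# CSP policy (prevents XSS attacks)` overstates what the policy does; the same line is added in the second config hunk. The inline latency `<script>` this commit adds to the homepage is presumably why it is needed; serving that snippet as a static file from the same origin would allow plain `script-src 'self'`. `default-src` does not fall back for `frame-ancestors` or `base-uri`, so consider appending `frame-ancestors 'self'; base-uri 'self'` to the policy. `X-XSS-Protection "1; mode=block"` targets a filter that current browsers have removed or never shipped; present guidance is to send `0` or omit the header. The `location` blocks are outside the hunk, but any of them that defines its own `add_header` will not inherit these headers, which is worth checking.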
# Advertise HTTP/3 availability
add_header Alt-Svc 'h3=":443"; ma=86400' always;
- client_max_body_size 50m;
-
# HSTS
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
+ add_header X-Request-Time $request_time always;
ssl_trusted_certificate /etc/ssl/private/ca-certs.pem;
# OCSP stapling (NOTE: Responders disabled by letsencrypt as of Q3 2025)
#ssl_stapling on;
#ssl_stapling_verify on;
+ # Other headers
+ add_header X-Frame-Options "SAMEORIGIN" always; # Prevent clickjacking & iframe embedding
+ add_header X-XSS-Protection "1; mode=block" always; # Legacy protection
+ add_header X-Content-Type-Options "nosniff" always; # Prevent MIME-type sniffing
+ # CSP policy (prevents XSS attacks)
+ add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'" always;
+
+ client_max_body_size 50m;
+ add_header X-Request-Time $request_time always;
+
# Services Map (Homepage)
root /var/www;
index homepage.html;
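Review bot: `add_header X-Request-Time $request_time always;` is added twice in this hunk, once after the HSTS line and again after `client_max_body_size 50m;`, so if both sit in the same block every response carries the header twice; keep only one. The header also hands every client the server-side processing time of each request, which is handy for debugging but is a precise timing signal for outsiders. Consider restricting it to internal or authenticated requests, or recording `$request_time` in the access log instead of the response.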
<p>Built: {build_time} | Services: {service_count}</p>
<p>Nginx: <span class="ssi">v<!--#echo var="nginx_version"--></span> |
Served: <span class="ssi"><!--#echo var="date_local"--></span> |
- Request: <span class="ssi"><!--#echo var="request_uri"--></span></p>
+ Request: <span class="ssi"><!--#echo var="request_uri"--></span> |
+ Latency: <span id="latency" class="ssi">...</span></p>
</footer>
+ <script>
+ (function() {{
+ // IE11-compatible: use performance.timing (deprecated but widely supported)
+ var timing = window.performance && window.performance.timing;
+ if (timing) {{
+ window.onload = function() {{
+ var latency = timing.responseEnd - timing.requestStart;
+ var el = document.getElementById('latency');
+ if (el) el.textContent = latency + 'ms';
+ }};
+ }}
+ }})();
+ </script>
</body>
</html>"""
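Review bot: `window.onload = function() {{` replaces any load handler assigned elsewhere on the page and can itself be overwritten by a later assignment; `window.addEventListener('load', function() {{ ... }});` works in IE11 and avoids both. Because the snippet is an inline `<script>`, the page only works under a CSP that permits inline scripts; moving it to a static `.js` file served from the same origin would let it run under `script-src 'self'`. The template string starts outside this hunk, so whether other scripts on the page set `onload` is not visible here.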
</div>
<footer>
- <p>Built: 2026-01-21 15:51:38 | Services: 3</p>
+ <p>Built: 2026-01-21 15:53:23 | Services: 3</p>
<p>Nginx: <span class="ssi">v<!--#echo var="nginx_version"--></span> |
Served: <span class="ssi"><!--#echo var="date_local"--></span> |
- Request: <span class="ssi"><!--#echo var="request_uri"--></span></p>
+ Request: <span class="ssi"><!--#echo var="request_uri"--></span> |
+ Latency: <span id="latency" class="ssi">...</span></p>
</footer>
+ <script>
+ (function() {
+ // IE11-compatible: use performance.timing (deprecated but widely supported)
+ var timing = window.performance && window.performance.timing;
+ if (timing) {
+ window.onload = function() {
+ var latency = timing.responseEnd - timing.requestStart;
+ var el = document.getElementById('latency');
+ if (el) el.textContent = latency + 'ms';
+ };
+ }
+ })();
+ </script>
</body>
</html>
\ No newline at end of file
</div>
<footer>
- <p>Built: 2026-01-21 15:51:38 | Services: 6</p>
+ <p>Built: 2026-01-21 15:53:23 | Services: 6</p>
<p>Nginx: <span class="ssi">v<!--#echo var="nginx_version"--></span> |
Served: <span class="ssi"><!--#echo var="date_local"--></span> |
- Request: <span class="ssi"><!--#echo var="request_uri"--></span></p>
+ Request: <span class="ssi"><!--#echo var="request_uri"--></span> |
+ Latency: <span id="latency" class="ssi">...</span></p>
</footer>
+ <script>
+ (function() {
+ // IE11-compatible: use performance.timing (deprecated but widely supported)
+ var timing = window.performance && window.performance.timing;
+ if (timing) {
+ window.onload = function() {
+ var latency = timing.responseEnd - timing.requestStart;
+ var el = document.getElementById('latency');
+ if (el) el.textContent = latency + 'ms';
+ };
+ }
+ })();
+ </script>
</body>
</html>
\ No newline at end of file