From 63e15fe0474e0de641a050795b61487be7e52533 Mon Sep 17 00:00:00 2001
From: rav4s
Date: Mon, 28 Dec 2020 15:36:38 -0600
Subject: [PATCH] Added explanations for security headers
---
 subdomain-proxy.conf | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/subdomain-proxy.conf b/subdomain-proxy.conf
index b8c8486..c38b0ad 100644
--- a/subdomain-proxy.conf
+++ b/subdomain-proxy.conf
@@ -45,12 +45,12 @@ server {
 proxy_redirect http://YOURSERVER:YOURPORT https://YOURSUBDOMAIN.YOURSITEDOMAIN.com;
 # Set the security headers
-
- add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
- add_header X-Frame-Options DENY;
- add_header X-Content-Type-Options nosniff;
- add_header X-XSS-Protection "1; mode=block";
- add_header Referrer-Policy "origin";
+
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"; #HSTS
+ add_header X-Frame-Options DENY; #Prevents clickjacking
+ add_header X-Content-Type-Options nosniff; #Prevents mime sniffing
+ add_header X-XSS-Protection "1; mode=block"; #Prevents cross-site scripting attacks
+ add_header Referrer-Policy "origin"; #Idk what this actually does";
 }
 }
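Review bot: Two of the added comments would mislead someone hardening from this template: `#Prevents cross-site scripting attacks` overstates `X-XSS-Protection`, which only toggled a legacy browser XSS filter that major browsers have since removed or never implemented, and the `Referrer-Policy` line is left with `#Idk what this actually does";`, stray `";` included. I would write `# Legacy XSS filter toggle, ignored by current browsers; rely on a Content-Security-Policy for XSS defence` and `# Send only the origin (scheme, host, port) in Referer, never the path or query string`. Since people copy this block as-is, the `#HSTS` comment could also say that `includeSubDomains; preload` commits every host under this name to HTTPS for a year and is hard to reverse once preloaded. Separately, `add_header` without the `always` parameter is applied only to a fixed set of success and redirect status codes, so error responses from this proxy would go out without these headers. The enclosing `server` block and the inner block these lines sit in both start outside the hunk.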