From 7308dbdae1ea373672cfec54331e0590608dfe03 Mon Sep 17 00:00:00 2001
From: rav4s <ravidhruvishshah@gmail.com>
Date: Thu, 15 Apr 2021 08:58:38 -0500
Subject: [PATCH] Added permissions policy to opt-out of Google FLoC (Federated
 Learning of Cohorts)

---
 reverse-proxy.conf   | 1 +
 subdomain-proxy.conf | 1 +
 2 files changed, 2 insertions(+)

diff --git a/reverse-proxy.conf b/reverse-proxy.conf
index 41c4fc0..69c28d8 100644
--- a/reverse-proxy.conf
+++ b/reverse-proxy.conf
@@ -72,6 +72,7 @@ server {
 
       # Set the security headers
 
+      add-header Permissions-Policy "interest-cohort=()"; # Don't allow Google FLoC
       add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"; #HSTS
       add_header X-Frame-Options DENY; #Prevents clickjacking
       add_header X-Content-Type-Options nosniff; #Prevents mime sniffing
diff --git a/subdomain-proxy.conf b/subdomain-proxy.conf
index c38b0ad..d9842f8 100644
--- a/subdomain-proxy.conf
+++ b/subdomain-proxy.conf
@@ -46,6 +46,7 @@ server {
 
       # Set the security headers
 
+      add-header Permissions-Policy "interest-cohort=()"; # Don't allow Google FLoC
       add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"; #HSTS
       add_header X-Frame-Options DENY; #Prevents clickjacking
       add_header X-Content-Type-Options nosniff; #Prevents mime sniffing