bang wibowo pernah tes di https securityheaders[dot]io dapat nilai apa?
mau tanya untuk nambah kode ini untuk per domain
#Strict-Transport-Security
add_header Strict-Transport-Security "max-age=31536000;" always;
#X-Frame-Options
add_header X-Frame-Options "SAMEORIGIN" always;
#X-Content-Type-Options
add_header X-Content-Type-Options "nosniff" always;
#X-XSS-Protection
add_header X-Xss-Protection "1; mode=block" always;
#Content-Security-Policy
add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://domain.disqus.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://www.google-analytics.com";
#Public-Key-Pins
add_header Public-Key-Pins 'pin-sha256="X3pGTSOuJeEVw989IJ/cEtXUEmy52zs1TZQrU06KUKg="; pin-sha256="MHJYVThihUrJcxW6wcqyOISTXIsInsdj3xK8QrZbHec="; pin-sha256="isi41AizREkLvvft0IRW4u3XMFR2Yg7bvrF7padyCJg="; max-age=10';
diamana? apakah sama di
/opt/configs/nginx/conf/globals/ssl_base.conf.
terimakasih,