Releases · GetPageSpeed/ngx_security_headers · GitHub

26 Apr 11:51

dvershinin

v0.1.2 Latest

Latest

What's Changed

More headers to hide, more tests, if replaced by switch by @novashdima in #23

New Contributors

@novashdima made their first contribution in #23

Full Changelog: 0.1.1...0.1.2

Contributors

novashdima

Assets 2

09 Nov 09:05

dvershinin

v0.1.1

Fixed issue with scheme extraction (#22), thanks to @kosmas-valianos for the contribution.

Contributors

kosmas-valianos

Assets 2

05 Sep 17:47

dvershinin

v0.1.0

Fixed

HSTS set to 1 year instead of 2 years by default (#18)
New default X-XSS-Protection: 0, see #19

Assets 2

18 Mar 07:38

dvershinin

v0.0.11

Fixed

Sending HSTS header no longer requires building with OpenSSL #12
Fixes HSTS preload was not added by default #15

Assets 2

13 Mar 18:04

dvershinin

v0.0.10

Ability to opt-out of added preload addition for HSTS, using security_headers_hsts_preload off;.
Remove X-Application-Version header
For adding HSTS, check URL protocol instead of connection protocol to be 'https://' #12

Assets 2

29 Feb 00:22

dvershinin

v0.0.9

Hide more server tokens
Optimization (e.g. don't send X-Frame-Options for non-HTML)

Assets 2

05 Dec 20:03

dvershinin

v0.0.8

Added security_headers_referrer_policy directive

Assets 2

01 Sep 18:53

dvershinin

v0.0.7

Reliable header replacement
Added HSTS

Assets 2

23 Aug 23:01

dvershinin

v0.0.4

Overwrites existing security headers, instead of duplicating them

Assets 2

21 Aug 22:23

dvershinin

v0.0.3

Changed module to AUX_FILTER

Assets 2