Nginx Secure Configuration

HTTPS Enforced Redirection (301)

Redirect all unencrypted HTTP traffic to HTTPS securely.

server {
  listen 80;
  server_name example.com www.example.com;
  return 301 https://example.com$request_uri;
}

Strict Security Headers Configuration

Protect visitors against XSS, clickjacking, and mime-type sniffing.

# Add security headers globally
add_header X-Frame-Options "DENY" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;