Merge pull request #32 from PrivateBin/security-headers

new security headers, recommended by ZAP scan #29

etc/nginx/http.d/site.conf

@@ -5,6 +5,14 @@ server {
     root /var/www;
     index index.php index.html index.htm;
 
+    add_header Cross-Origin-Embedder-Policy require-corp;
+    add_header Cross-Origin-Resource-Policy same-origin;
+    add_header Cross-Origin-Opener-Policy same-origin;
+    add_header Referrer-Policy no-referrer;
+    add_header X-Content-Type-Options nosniff;
+    add_header X-Frame-Options deny;
+    add_header X-XSS-Protection "1; mode=block";
+
     location / {
         include /etc/nginx/location.d/*.conf;
         try_files $uri $uri/ /index.php$is_args$args;