diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md index 5ccc48b7..64d9b155 100644 --- a/CONTRIBUTORS.md +++ b/CONTRIBUTORS.md @@ -4,3 +4,4 @@ who commit code to the project are encouraged to add their names here. Please keep the list sorted by first names Clement Michaud +Antoine Favre <@n4kre> diff --git a/README.md b/README.md index 383080f8..c3f27d90 100644 --- a/README.md +++ b/README.md @@ -221,6 +221,28 @@ that the attacker must also require the certificate to retrieve the cookies. Note that using [HSTS] has consequences. That's why you should read the blog post nginx has written on [HSTS]. +### More protections measures + +You can also apply the following headers to your nginx configuration for +improving security. Please read the documentation of those headers before +applying them blindly. + +``` +# We don't want any credentials / TOTP secret key / QR code to be cached by +# the client +add_header Cache-Control "no-store"; +add_header Pragma "no-cache"; + +# Clickjacking / XSS protection + +# We don't want Authelia's login page to be rendered within a , +#
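Review bot: in the CONTRIBUTORS.md hunk the new entry violates the rule stated two lines above it ("Please keep the list sorted by first names"): `+Antoine Favre <@n4kre>` is appended after `Clement Michaud`, but "Antoine" sorts before "Clement". Move the added line above `Clement Michaud` so the list stays sorted.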
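Review bot: in the README.md hunk the `add_header` lines will not do what the comment above them promises, because nginx only emits `add_header` headers on 200, 201, 204, 206, 301, 302, 303, 304, 307 and 308 responses unless the `always` parameter is given; a 401 from the login endpoint, which is exactly where credential and TOTP material appears, would be sent without `Cache-Control: no-store`. Suggest `add_header Cache-Control "no-store" always;` and `add_header Pragma "no-cache" always;`, and a sentence warning that an `add_header` inside a `location` block replaces rather than extends the headers inherited from the `server` block, since the text already asks readers to "read the documentation of those headers before applying them blindly". Two smaller points: the heading should read "More protection measures", and the snippet ends mid-comment ("rendered within a ,") with the element names missing and the "Clickjacking / XSS protection" section carrying no directive at all, so the fenced block as shown is incomplete and should be finished before merge.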