# Cabeceras de seguridad comunes.
# Incluir con:  include includes/headers;

add_header X-Frame-Options              "SAMEORIGIN" always;
add_header X-XSS-Protection             "1; mode=block" always;
add_header X-Content-Type-Options       "nosniff" always;
add_header Referrer-Policy              "strict-origin-when-cross-origin" always;
add_header Permissions-Policy           "geolocation=(), microphone=(), camera=()" always;

# Eliminar cabeceras que delaten tecnología (headers-more-nginx-module).
more_clear_headers "Server" "X-Powered-By";
