{"id":2396,"date":"2025-05-10T07:39:31","date_gmt":"2025-05-10T04:39:31","guid":{"rendered":"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/securing-your-nginx-server-setting-default-security-headers\/"},"modified":"2025-05-10T07:39:31","modified_gmt":"2025-05-10T04:39:31","slug":"securing-your-nginx-server-setting-default-security-headers","status":"publish","type":"post","link":"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/securing-your-nginx-server-setting-default-security-headers\/","title":{"rendered":"Securing Your Nginx Server: Setting Default Security Headers"},"content":{"rendered":"<p><br \/>\n<\/p>\n<p>In today&#8217;s digital landscape, securing your web applications is imperative. One of the key components of web security is setting appropriate HTTP security headers. These headers help protect against various attacks, such as XSS (Cross-Site Scripting), clickjacking, and other vulnerabilities. In this article, we&#8217;ll discuss how to configure Nginx to set default security headers to enhance the security of your web server.<\/p>\n<p><\/p>\n<h3>Why Use Security Headers?<\/h3>\n<p><\/p>\n<p>Security headers are HTTP response headers that can help mitigate common web application vulnerabilities. Implementing these headers provides an additional layer of security and assists in enforcing security policies.<\/p>\n<p><\/p>\n<h3>Common Security Headers<\/h3>\n<p><\/p>\n<p>Here are some essential security headers you should consider implementing:<\/p>\n<p><\/p>\n<ol><\/p>\n<li><strong>Content Security Policy (CSP)<\/strong>: Helps prevent XSS attacks by specifying which dynamic resources are allowed to load.<\/li>\n<p><\/p>\n<li><strong>Strict-Transport-Security (HSTS)<\/strong>: Enforces secure (HTTP over SSL) connections to the server.<\/li>\n<p><\/p>\n<li><strong>X-Content-Type-Options<\/strong>: Prevents browsers from MIME-sniffing a response away from the declared content type.<\/li>\n<p><\/p>\n<li><strong>X-Frame-Options<\/strong>: Protects against clickjacking by controlling whether the content can be embedded into frames or iframes.<\/li>\n<p><\/p>\n<li><strong>X-XSS-Protection<\/strong>: Configures the browser&#8217;s XSS filtering.<\/li>\n<p>\n<\/ol>\n<p><\/p>\n<h3>Preparing Your Nginx Configuration<\/h3>\n<p><\/p>\n<p>Before implementing the security headers, ensure your Nginx server is configured correctly and the appropriate modules are enabled. The following steps outline how to set these security headers.<\/p>\n<p><\/p>\n<ol><\/p>\n<li>\n<p><strong>Access Your Nginx Configuration File<\/strong><\/p>\n<p><\/p>\n<p>Open your Nginx configuration file, typically located at <code>\/etc\/nginx\/nginx.conf<\/code> or <code>\/etc\/nginx\/sites-available\/your-site.conf<\/code>.<\/p>\n<p><\/p>\n<pre><code class=\"language-bash\">sudo nano \/etc\/nginx\/sites-available\/your-site.conf<\/code><\/pre>\n<p>\n<\/li>\n<p><\/p>\n<li>\n<p><strong>Add Security Headers<\/strong><\/p>\n<p><\/p>\n<p>Within the <code>server<\/code> block of your Nginx configuration, add the following lines to set the security headers:<\/p>\n<p><\/p>\n<pre><code class=\"language-nginx\">server {<br \/>\n   listen 80;<br \/>\n   server_name yourdomain.com;<br \/>\n<br \/>\n   # Security Headers<br \/>\n   add_header Content-Security-Policy \"default-src 'self'; script-src 'self'; object-src 'none';\" always;<br \/>\n   add_header Strict-Transport-Security \"max-age=31536000; includeSubDomains\" always;<br \/>\n   add_header X-Content-Type-Options \"nosniff\" always;<br \/>\n   add_header X-Frame-Options \"DENY\" always;<br \/>\n   add_header X-XSS-Protection \"1; mode=block\" always;<br \/>\n<br \/>\n   # Your additional configuration here<br \/>\n}<\/code><\/pre>\n<p><\/p>\n<h3>Explanation of Each Header<\/h3>\n<p><\/p>\n<ul><\/p>\n<li><strong>Content Security Policy (CSP)<\/strong>: The example allows scripts and resources only from the same origin. Adjust this policy according to your needs.<\/li>\n<p><\/p>\n<li><strong>Strict-Transport-Security (HSTS)<\/strong>: This header tells browsers to only connect to the server via HTTPS. Make sure your site supports HTTPS before enabling this header.<\/li>\n<p><\/p>\n<li><strong>X-Content-Type-Options<\/strong>: The <code>nosniff<\/code> option prevents the browser from interpreting files as a different MIME type, reducing exposure to content-type attack vectors.<\/li>\n<p><\/p>\n<li><strong>X-Frame-Options<\/strong>: By setting this option to <code>DENY<\/code>, it prevents your content from being embedded in frames.<\/li>\n<p><\/p>\n<li><strong>X-XSS-Protection<\/strong>: Setting this header to <code>1; mode=block<\/code> activates the Cross-Site Scripting filter built into most web browsers.<\/li>\n<p>\n<\/ul>\n<p>\n<\/li>\n<p><\/p>\n<li>\n<p><strong>Test Your Configuration<\/strong><\/p>\n<p><\/p>\n<p>After adding the headers, save the changes and test your Nginx configuration for syntax errors:<\/p>\n<p><\/p>\n<pre><code class=\"language-bash\">sudo nginx -t<\/code><\/pre>\n<p>\n<\/li>\n<p><\/p>\n<li>\n<p><strong>Reload Nginx<\/strong><\/p>\n<p><\/p>\n<p>If there are no errors, reload Nginx to apply the changes:<\/p>\n<p><\/p>\n<pre><code class=\"language-bash\">sudo systemctl reload nginx<\/code><\/pre>\n<p>\n<\/li>\n<p>\n<\/ol>\n<p><\/p>\n<h3>Testing Security Headers<\/h3>\n<p><\/p>\n<p>To ensure your security headers are configured correctly, you can use various tools like <a href=\"https:\/\/securityheaders.com\/\">SecurityHeaders.com<\/a> or <a href=\"https:\/\/observatory.mozilla.org\/\">Mozilla Observatory<\/a>. Simply enter your domain name, and these tools will analyze your headers and provide recommendations.<\/p>\n<p><\/p>\n<h3>Conclusion<\/h3>\n<p><\/p>\n<p>Implementing security headers is a vital step in securing your Nginx server. By configuring these headers, you can significantly reduce the risk of common attacks. Keep in mind that security is an ongoing process, and it&#8217;s essential to stay updated on the latest best practices and vulnerabilities.<\/p>\n<p><\/p>\n<p>For further enhancements, consider regularly reviewing your server configuration and monitoring web security advisories for new header recommendations.<\/p>\n<p><\/p>\n<p>By following the above steps, you play an essential role in safeguarding your web applications, ensuring a safer experience for your users. Happy securing!<\/p>\n\n","protected":false},"excerpt":{"rendered":"<p>In today&#8217;s digital landscape, securing your web applications is imperative. One of the key components of web security is setting appropriate HTTP security headers. These headers help protect against various attacks, such as XSS (Cross-Site Scripting), clickjacking, and other vulnerabilities. In this article, we&#8217;ll discuss how to configure Nginx to set default security headers to [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":2397,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","inline_featured_image":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[22],"tags":[1393,1270,536,264,291,266,371],"class_list":["post-2396","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux-security","tag-default","tag-headers","tag-nginx","tag-securing","tag-security","tag-server","tag-setting","et-has-post-format-content","et_post_format-et-post-format-standard"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.5 (Yoast SEO v27.4) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Securing Your Nginx Server: Setting Default Security Headers - WafaTech Blogs<\/title>\n<meta name=\"description\" content=\"Securing Your Nginx Server: Setting Default Security Headers %\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/securing-your-nginx-server-setting-default-security-headers\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Securing Your Nginx Server: Setting Default Security Headers\" \/>\n<meta property=\"og:description\" content=\"Securing Your Nginx Server: Setting Default Security Headers %\" \/>\n<meta property=\"og:url\" content=\"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/securing-your-nginx-server-setting-default-security-headers\/\" \/>\n<meta property=\"og:site_name\" content=\"WafaTech Blogs\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/people\/WafaTech\/61560546351289\/\" \/>\n<meta property=\"article:published_time\" content=\"2025-05-10T04:39:31+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/wafatech.sa\/blog\/wp-content\/uploads\/2024\/06\/logo_big.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"2221\" \/>\n\t<meta property=\"og:image:height\" content=\"482\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"author\" content=\"WafaTech SA\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@wafatech_sa\" \/>\n<meta name=\"twitter:site\" content=\"@wafatech_sa\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"WafaTech SA\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":[\"Article\",\"BlogPosting\"],\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/linux\\\/linux-security\\\/securing-your-nginx-server-setting-default-security-headers\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/linux\\\/linux-security\\\/securing-your-nginx-server-setting-default-security-headers\\\/\"},\"author\":{\"name\":\"WafaTech SA\",\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/#\\\/schema\\\/person\\\/1a5761fc0feb63ab59d295d7c2648f06\"},\"headline\":\"Securing Your Nginx Server: Setting Default Security Headers\",\"datePublished\":\"2025-05-10T04:39:31+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/linux\\\/linux-security\\\/securing-your-nginx-server-setting-default-security-headers\\\/\"},\"wordCount\":508,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/linux\\\/linux-security\\\/securing-your-nginx-server-setting-default-security-headers\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Securing-Your-Nginx-Server-Setting-Default-Security-Headers.png\",\"keywords\":[\"Default\",\"Headers\",\"Nginx\",\"Securing\",\"Security\",\"Server\",\"Setting\"],\"articleSection\":[\"Linux Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/wafatech.sa\\\/blog\\\/linux\\\/linux-security\\\/securing-your-nginx-server-setting-default-security-headers\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/linux\\\/linux-security\\\/securing-your-nginx-server-setting-default-security-headers\\\/\",\"url\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/linux\\\/linux-security\\\/securing-your-nginx-server-setting-default-security-headers\\\/\",\"name\":\"Securing Your Nginx Server: Setting Default Security Headers - WafaTech Blogs\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/linux\\\/linux-security\\\/securing-your-nginx-server-setting-default-security-headers\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/linux\\\/linux-security\\\/securing-your-nginx-server-setting-default-security-headers\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Securing-Your-Nginx-Server-Setting-Default-Security-Headers.png\",\"datePublished\":\"2025-05-10T04:39:31+00:00\",\"description\":\"Securing Your Nginx Server: Setting Default Security Headers %\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/linux\\\/linux-security\\\/securing-your-nginx-server-setting-default-security-headers\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/wafatech.sa\\\/blog\\\/linux\\\/linux-security\\\/securing-your-nginx-server-setting-default-security-headers\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/linux\\\/linux-security\\\/securing-your-nginx-server-setting-default-security-headers\\\/#primaryimage\",\"url\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Securing-Your-Nginx-Server-Setting-Default-Security-Headers.png\",\"contentUrl\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Securing-Your-Nginx-Server-Setting-Default-Security-Headers.png\",\"width\":1024,\"height\":1024,\"caption\":\"linux server setting secure default headers in Nginx\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/linux\\\/linux-security\\\/securing-your-nginx-server-setting-default-security-headers\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Securing Your Nginx Server: Setting Default Security Headers\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/\",\"name\":\"WafaTech Blogs\",\"description\":\"Smart Technologies\",\"publisher\":{\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/#organization\"},\"alternateName\":\"WafaTech\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/#organization\",\"name\":\"WafaTech Blogs\",\"alternateName\":\"WafaTech\",\"url\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/06\\\/logo_big.webp\",\"contentUrl\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/06\\\/logo_big.webp\",\"width\":2221,\"height\":482,\"caption\":\"WafaTech Blogs\"},\"image\":{\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/people\\\/WafaTech\\\/61560546351289\\\/\",\"https:\\\/\\\/x.com\\\/wafatech_sa\",\"https:\\\/\\\/www.youtube.com\\\/@wafatech-sa\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/wafatech\\\/\"],\"description\":\"WafaTech, a leading Saudi IT services provider, specializes in cloud solutions, connectivity, and ICT services. Offering secure cloud infrastructure, high-speed internet, and ICT solutions like hosting, backup, and disaster recovery, WafaTech operates a Tier 3 data center at KAUST with ISO certifications. Regulated by CST, the company is committed to innovation, security, and customer satisfaction, empowering businesses in the digital age.\",\"email\":\"sales@wafatech.sa\",\"legalName\":\"Al-Wafa Al-Dhakia For Information Technology LLC\",\"foundingDate\":\"2013-01-08\",\"numberOfEmployees\":{\"@type\":\"QuantitativeValue\",\"minValue\":\"11\",\"maxValue\":\"50\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/#\\\/schema\\\/person\\\/1a5761fc0feb63ab59d295d7c2648f06\",\"name\":\"WafaTech SA\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/fde877f001a2e0497276edc0684d3ba2a416c0de8caeb8e785076a1b1b932b3a?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/fde877f001a2e0497276edc0684d3ba2a416c0de8caeb8e785076a1b1b932b3a?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/fde877f001a2e0497276edc0684d3ba2a416c0de8caeb8e785076a1b1b932b3a?s=96&d=mm&r=g\",\"caption\":\"WafaTech SA\"},\"url\":\"https:\\\/\\\/wafatech.sa\\\/blog\\\/author\\\/omer-yaseen\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Securing Your Nginx Server: Setting Default Security Headers - WafaTech Blogs","description":"Securing Your Nginx Server: Setting Default Security Headers %","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/securing-your-nginx-server-setting-default-security-headers\/","og_locale":"en_US","og_type":"article","og_title":"Securing Your Nginx Server: Setting Default Security Headers","og_description":"Securing Your Nginx Server: Setting Default Security Headers %","og_url":"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/securing-your-nginx-server-setting-default-security-headers\/","og_site_name":"WafaTech Blogs","article_publisher":"https:\/\/www.facebook.com\/people\/WafaTech\/61560546351289\/","article_published_time":"2025-05-10T04:39:31+00:00","og_image":[{"width":2221,"height":482,"url":"https:\/\/wafatech.sa\/blog\/wp-content\/uploads\/2024\/06\/logo_big.webp","type":"image\/webp"}],"author":"WafaTech SA","twitter_card":"summary_large_image","twitter_creator":"@wafatech_sa","twitter_site":"@wafatech_sa","twitter_misc":{"Written by":"WafaTech SA","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":["Article","BlogPosting"],"@id":"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/securing-your-nginx-server-setting-default-security-headers\/#article","isPartOf":{"@id":"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/securing-your-nginx-server-setting-default-security-headers\/"},"author":{"name":"WafaTech SA","@id":"https:\/\/wafatech.sa\/blog\/#\/schema\/person\/1a5761fc0feb63ab59d295d7c2648f06"},"headline":"Securing Your Nginx Server: Setting Default Security Headers","datePublished":"2025-05-10T04:39:31+00:00","mainEntityOfPage":{"@id":"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/securing-your-nginx-server-setting-default-security-headers\/"},"wordCount":508,"commentCount":0,"publisher":{"@id":"https:\/\/wafatech.sa\/blog\/#organization"},"image":{"@id":"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/securing-your-nginx-server-setting-default-security-headers\/#primaryimage"},"thumbnailUrl":"https:\/\/wafatech.sa\/blog\/wp-content\/uploads\/2025\/05\/Securing-Your-Nginx-Server-Setting-Default-Security-Headers.png","keywords":["Default","Headers","Nginx","Securing","Security","Server","Setting"],"articleSection":["Linux Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/wafatech.sa\/blog\/linux\/linux-security\/securing-your-nginx-server-setting-default-security-headers\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/securing-your-nginx-server-setting-default-security-headers\/","url":"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/securing-your-nginx-server-setting-default-security-headers\/","name":"Securing Your Nginx Server: Setting Default Security Headers - WafaTech Blogs","isPartOf":{"@id":"https:\/\/wafatech.sa\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/securing-your-nginx-server-setting-default-security-headers\/#primaryimage"},"image":{"@id":"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/securing-your-nginx-server-setting-default-security-headers\/#primaryimage"},"thumbnailUrl":"https:\/\/wafatech.sa\/blog\/wp-content\/uploads\/2025\/05\/Securing-Your-Nginx-Server-Setting-Default-Security-Headers.png","datePublished":"2025-05-10T04:39:31+00:00","description":"Securing Your Nginx Server: Setting Default Security Headers %","breadcrumb":{"@id":"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/securing-your-nginx-server-setting-default-security-headers\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/wafatech.sa\/blog\/linux\/linux-security\/securing-your-nginx-server-setting-default-security-headers\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/securing-your-nginx-server-setting-default-security-headers\/#primaryimage","url":"https:\/\/wafatech.sa\/blog\/wp-content\/uploads\/2025\/05\/Securing-Your-Nginx-Server-Setting-Default-Security-Headers.png","contentUrl":"https:\/\/wafatech.sa\/blog\/wp-content\/uploads\/2025\/05\/Securing-Your-Nginx-Server-Setting-Default-Security-Headers.png","width":1024,"height":1024,"caption":"linux server setting secure default headers in Nginx"},{"@type":"BreadcrumbList","@id":"https:\/\/wafatech.sa\/blog\/linux\/linux-security\/securing-your-nginx-server-setting-default-security-headers\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/wafatech.sa\/blog\/"},{"@type":"ListItem","position":2,"name":"Securing Your Nginx Server: Setting Default Security Headers"}]},{"@type":"WebSite","@id":"https:\/\/wafatech.sa\/blog\/#website","url":"https:\/\/wafatech.sa\/blog\/","name":"WafaTech Blogs","description":"Smart Technologies","publisher":{"@id":"https:\/\/wafatech.sa\/blog\/#organization"},"alternateName":"WafaTech","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/wafatech.sa\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/wafatech.sa\/blog\/#organization","name":"WafaTech Blogs","alternateName":"WafaTech","url":"https:\/\/wafatech.sa\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/wafatech.sa\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/wafatech.sa\/blog\/wp-content\/uploads\/2024\/06\/logo_big.webp","contentUrl":"https:\/\/wafatech.sa\/blog\/wp-content\/uploads\/2024\/06\/logo_big.webp","width":2221,"height":482,"caption":"WafaTech Blogs"},"image":{"@id":"https:\/\/wafatech.sa\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/people\/WafaTech\/61560546351289\/","https:\/\/x.com\/wafatech_sa","https:\/\/www.youtube.com\/@wafatech-sa","https:\/\/www.linkedin.com\/company\/wafatech\/"],"description":"WafaTech, a leading Saudi IT services provider, specializes in cloud solutions, connectivity, and ICT services. Offering secure cloud infrastructure, high-speed internet, and ICT solutions like hosting, backup, and disaster recovery, WafaTech operates a Tier 3 data center at KAUST with ISO certifications. Regulated by CST, the company is committed to innovation, security, and customer satisfaction, empowering businesses in the digital age.","email":"sales@wafatech.sa","legalName":"Al-Wafa Al-Dhakia For Information Technology LLC","foundingDate":"2013-01-08","numberOfEmployees":{"@type":"QuantitativeValue","minValue":"11","maxValue":"50"}},{"@type":"Person","@id":"https:\/\/wafatech.sa\/blog\/#\/schema\/person\/1a5761fc0feb63ab59d295d7c2648f06","name":"WafaTech SA","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/fde877f001a2e0497276edc0684d3ba2a416c0de8caeb8e785076a1b1b932b3a?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/fde877f001a2e0497276edc0684d3ba2a416c0de8caeb8e785076a1b1b932b3a?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/fde877f001a2e0497276edc0684d3ba2a416c0de8caeb8e785076a1b1b932b3a?s=96&d=mm&r=g","caption":"WafaTech SA"},"url":"https:\/\/wafatech.sa\/blog\/author\/omer-yaseen\/"}]}},"jetpack_featured_media_url":"https:\/\/wafatech.sa\/blog\/wp-content\/uploads\/2025\/05\/Securing-Your-Nginx-Server-Setting-Default-Security-Headers.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/wafatech.sa\/blog\/wp-json\/wp\/v2\/posts\/2396","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wafatech.sa\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wafatech.sa\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wafatech.sa\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/wafatech.sa\/blog\/wp-json\/wp\/v2\/comments?post=2396"}],"version-history":[{"count":0,"href":"https:\/\/wafatech.sa\/blog\/wp-json\/wp\/v2\/posts\/2396\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/wafatech.sa\/blog\/wp-json\/wp\/v2\/media\/2397"}],"wp:attachment":[{"href":"https:\/\/wafatech.sa\/blog\/wp-json\/wp\/v2\/media?parent=2396"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wafatech.sa\/blog\/wp-json\/wp\/v2\/categories?post=2396"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wafatech.sa\/blog\/wp-json\/wp\/v2\/tags?post=2396"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}