1. Add a shared security-header file
File path: /etc/nginx/conf.d/security_headers.conf
# XSS protection
add_header X-XSS-Protection "1; mode=block" always;
# Other security headers
# (note: "always" also adds a header to 4xx/5xx responses; without it nginx only
# adds the header to 2xx/3xx responses)
add_header X-Content-Type-Options "nosniff";
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Download-Options "noopen" always;
add_header Referrer-Policy "strict-origin-when-cross-origin";
# HSTS core configuration
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
add_header X-Permitted-Cross-Domain-Policies "by-content-type";
2. Include it in the server configuration
server {
....
location / {
include /etc/nginx/conf.d/security_headers.conf;
.....
}
....
}
Detailed explanation of the configuration: Nginx security settings
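Including the file inside `location /` only covers that one location: in nginx, `add_header` directives are inherited from the enclosing level only when the current level declares no `add_header` of its own, so any other `location` that sets its own header silently drops all of these. The shell check below is an added example (not part of the original note): it reads raw response headers from stdin, so it can be fed from `curl -sI https://your-host/path`, and reports which of the headers from security_headers.conf are missing. The two sample responses embedded in it are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that a response actually carries the headers from
# security_headers.conf. Usage: curl -sI https://your-host/some/path | check_security_headers

# Header names the include is expected to add (from the config above).
REQUIRED_HEADERS='x-xss-protection
x-content-type-options
x-frame-options
x-download-options
referrer-policy
strict-transport-security
x-permitted-cross-domain-policies'

# Reads raw HTTP response headers from stdin. Prints one line per problem and
# returns 0 only when every required header is present and HSTS max-age is at
# least one year. Names are compared case-insensitively because HTTP/2
# responses carry them in lower case.
check_security_headers() {
    hdrs=$(tr -d '\r' | tr '[:upper:]' '[:lower:]')
    problems=0
    for h in $REQUIRED_HEADERS; do
        if ! printf '%s\n' "$hdrs" | grep -q "^$h:"; then
            echo "MISSING: $h"
            problems=$((problems + 1))
        fi
    done
    # HSTS with a short max-age gives little protection; 31536000 s = 1 year.
    age=$(printf '%s\n' "$hdrs" | sed -n 's/^strict-transport-security:.*max-age=\([0-9]*\).*/\1/p')
    if [ -n "$age" ] && [ "$age" -lt 31536000 ]; then
        echo "WEAK: strict-transport-security max-age=$age is below one year"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}

# Constructed sample 1: a location that includes security_headers.conf.
GOOD_RESPONSE='HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Download-Options: noopen
Referrer-Policy: strict-origin-when-cross-origin
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Permitted-Cross-Domain-Policies: by-content-type'

# Constructed sample 2: a location that declares its own add_header and so
# does not inherit the shared headers.
BAD_RESPONSE='HTTP/1.1 200 OK
Server: nginx
Cache-Control: no-store
Content-Type: application/json'

# Self-check against the constructed samples when run directly.
printf '%s\n' "$GOOD_RESPONSE" | check_security_headers && echo "sample 1: all headers present"
printf '%s\n' "$BAD_RESPONSE" | check_security_headers || echo "sample 2: shared headers not applied"
```

Run the check against every distinct location your server defines, not only `/`, and also against a path that returns 404: headers declared without `always` are absent on error responses, so a 404 is the quickest way to see which directives still lack it.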