From 719a6f6d58c1c1dbdfb945901e66f780b264c4d3 Mon Sep 17 00:00:00 2001
From: Marc Beninca <marc-beninca@rwx.work>
Date: Thu, 8 Aug 2019 15:27:01 +0200
Subject: [PATCH] server/nginx/expect-ct

---
 in/personal/server/index.rst | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/in/personal/server/index.rst b/in/personal/server/index.rst
index 5d07819..759396c 100644
--- a/in/personal/server/index.rst
+++ b/in/personal/server/index.rst
@@ -391,7 +391,8 @@ Security
 
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
- add_header Content-Security-Policy "default-src 'self'";
+ add_header Content-Security-Policy "default-src 'self'" always;
+ add_header Expect-CT "max-age=0, enforce" always;
  add_header Strict-Transport-Security "max-age=31557600; includeSubDomains; preload" always;
  add_header X-Content-Type-Options "nosniff" always;
  add_header X-Frame-Options "SAMEORIGIN" always;