misp-docker/server/files/etc/nginx/misp80-noredir

server {
    listen 80;
    listen [::]:80;
    root /var/www/MISP/app/webroot;
    index index.php;

    client_max_body_size 50M;

    # Disable access logs
    access_log off;
    log_not_found off;
    error_log  /dev/stderr error;

    # Aded headers for hardening browser security
    add_header Referrer-Policy "no-referrer" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Download-Options "noopen" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Permitted-Cross-Domain-Policies "none" always;
    add_header X-Robots-Tag "none" always;
    add_header X-XSS-Protection "1; mode=block" always;

    # Remove X-Powered-By, which is an information leak
    fastcgi_hide_header X-Powered-By;

    location / {
        try_files $uri $uri/ /index.php$is_args$query_string;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
        fastcgi_read_timeout 300;
    }
}