We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
There was an error while loading. Please reload this page.
1 parent 99b270d commit 3d14625Copy full SHA for 3d14625
1 file changed
README.md
@@ -39,7 +39,7 @@ X-Content-Type-Options: nosniff <-----------
39
40
* Plug-n-Play: the default set of security headers can be enabled with `security_headers on;` in your NGINX configuration
41
* Sends `X-Content-Type-Options` only for relevant MIME types (CSS/JS), preserving unnecessary headers from being sent for HTML documents
42
-* Similiarly, sends HTML-only relevant headers for relevant types and skips sending for others e.g. `X-Frame-Options` is useless for CSS
+* Similarly, sends HTML-only security headers for relevant types only, not sending for others, e.g. `X-Frame-Options` is useless for CSS
43
* Plays well with conditional `GET` requests: the security headers are not included there unnecessarily
44
* Does not suffer the `add_header` directive's pitfalls
45
* Hides `X-Powered-By`, which often leaks PHP version information
0 commit comments