add_header X-Download-Options "noopen" always;

Missing HTTP Content-Security-Policy response header
In Nginx's nginx.conf, configure the following under location:
add_header Content-Security-Policy "default-src 'self' * 'unsafe-inline' 'unsafe-eval' blob: data: ;";

Clickjacking: missing X-Frame-Options header
In Nginx's nginx.conf, under location ...
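An added example, not part of the original page: a small auditor that parses the Content-Security-Policy value configured above and reports which of its sources still leave script loading unrestricted, so the header is checked for content and not only for presence. The function names and the STRICTER_POLICY value are constructed for illustration.

```python
"""Audit a Content-Security-Policy value (added example, not the page's code)."""

# Sources that weaken the effective script-src, with the reason.
WEAK_SOURCES = {
    "*": "wildcard: scripts may load from any network host",
    "'unsafe-inline'": "inline scripts and event handlers are allowed",
    "'unsafe-eval'": "eval() and other string-to-code APIs are allowed",
    "data:": "data: URIs are accepted as a script source",
}

def parse_csp(value):
    """Return {directive: [sources]}; for a repeated directive the first wins."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if not tokens:
            continue  # empty directive, e.g. after a trailing ';'
        policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def audit_csp(value):
    """Return a list of (directive, source, reason) findings."""
    policy = parse_csp(value)
    findings = []
    # script-src falls back to default-src when it is not set.
    effective = policy.get("script-src", policy.get("default-src"))
    if effective is None:
        findings.append(("script-src", "", "neither script-src nor default-src is set"))
    else:
        for src in effective:
            reason = WEAK_SOURCES.get(src.lower())
            if reason:
                findings.append(("script-src", src, reason))
    # frame-ancestors (framing control) does NOT fall back to default-src.
    if "frame-ancestors" not in policy:
        findings.append(("frame-ancestors", "", "not set; default-src does not cover framing"))
    return findings

# The value from the nginx add_header line on this page.
PAGE_POLICY = "default-src 'self' * 'unsafe-inline' 'unsafe-eval' blob: data: ;"
# Constructed comparison value (an assumption, not from the page).
STRICTER_POLICY = "default-src 'self'; object-src 'none'; frame-ancestors 'self'"

if __name__ == "__main__":
    for label, value in (("page", PAGE_POLICY), ("constructed", STRICTER_POLICY)):
        print(f"{label}: {value}")
        for directive, src, reason in audit_csp(value):
            print(f"  {directive} {src}: {reason}")
```

A policy like the constructed one usually needs tuning against the application's real script and style sources before it replaces a permissive value in production.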