This list contains some extra (security) headers for sites/servers you deploy using Laravel Forge.
Note: this post will be updated in the future.
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
add_header Referrer-Policy "no-referrer-when-downgrade";
add_header Content-Security-Policy "frame-ancestors 'self'";
Want to check how your site scores with security headers? Take a look at https://securityheaders.com/
"Frame-Ancestors" header
More information about Frame Ancestors can be found on: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors
"Strict-Transport-Security" header
More information can be found on: https://scotthelme.co.uk/hsts-the-missing-link-in-tls/
"Referrer-Policy" header
More information can be found on: https://scotthelme.co.uk/a-new-security-header-referrer-policy/
"Feature-Policy" header
What is the header "Feature Policy" for? That's explain on this blog: https://scotthelme.co.uk/a-new-security-header-feature-policy/
"Content-Security-Policy" header
More information can be found on: https://scotthelme.co.uk/content-security-policy-an-introduction/