nginx – Content-Security-Policy issues – Server Fault


I’m running NGINX as a reverse proxy and I4ve set the Content-Security-Policy header and I’m running into problems with some directives.

I get the following errors in the console:

Unrecognized Content-Security-Policy directive ‘disown-opener’.
Unrecognized Content-Security-Policy directive ‘reflected-xss’.

They are set in the following way:

disown-opener;
reflected-xss block;

Everything I can find on it is a few years old and doesn’t reall offer much information, are these still current or should I just get rid of them?