Nginx - XSS Prevention
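Nginx XSS Prevention adalah konfigurasi Nginx yang menolak permintaan dengan status 403 apabila URI atau query string-nya mengandung pola yang sering muncul pada percobaan XSS, yaitu tag script, tag iframe, atau pemanggilan base64_encode/base64_decode. Filter ini hanya lapisan pertahanan tambahan di sisi server web; pencegahan utama tetap berupa output encoding di aplikasi dan header Content-Security-Policy.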
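# Coarse request-line filter: answer 403 when the raw URI or query string
# carries markers commonly seen in reflected-XSS / code-injection probes
# (a script or iframe tag, or a base64_encode()/base64_decode() call).
#
# Context: `set`, `if` and `return` belong to the rewrite module, so this
# fragment goes inside a `server` or `location` block.
#
# Scope and limits (read before relying on this):
#   - Only the request line is inspected. Request bodies, headers and
#     cookies are not checked here.
#   - $request_uri and $query_string hold the raw, undecoded values, so the
#     patterns match the literal character or its single percent-encoded
#     form only; other encodings and other HTML vectors are not covered.
#   - This is a blocklist and therefore defence in depth, not a fix: the
#     application still needs context-aware output encoding, and a
#     Content-Security-Policy header is the stronger browser-side control.
#   - The patterns are broad (`.*` between the markers), so legitimate URLs
#     that contain e.g. "<...description...>" are rejected too. Watch the
#     access log for 403s after enabling it.
#
# All matches use `~*` (case-insensitive). With the case-sensitive `~`,
# "<SCRIPT>" and the lower-case hex form "%3c...%3e" were not matched.

set $block_xss 0;

# $query_string reflects the arguments as they are at this point of rewrite
# processing; $request_uri is the original request line (path + arguments).
# Both are checked so that neither the original nor a rewritten argument
# string slips past.

# PHP-style base64 helper calls in the URL.
if ($query_string ~* "base64_(en|de)code\(.*\)") {
    set $block_xss 1;
}
if ($request_uri ~* "base64_(en|de)code\(.*\)") {
    set $block_xss 1;
}

# An opening "<" (or %3C), then "script" or "iframe", then a closing ">" (or %3E).
if ($query_string ~* "(<|%3C).*(script|iframe).*(>|%3E)") {
    set $block_xss 1;
}
if ($request_uri ~* "(<|%3C).*(script|iframe).*(>|%3E)") {
    set $block_xss 1;
}

# Single decision point: any of the checks above flags the request.
if ($block_xss = 1) {
    return 403;
}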