It mainly blocks specific GET / query parameters and also some user agents.

When this option is enabled, this config file will be included in the nginx config.

https://github.com/jc21/nginx-proxy-manager/blob/develop/docker/rootfs/etc/nginx/conf.d/include/block-exploits.conf