-
Notifications
You must be signed in to change notification settings - Fork 9
Expand file tree
/
Copy path_headers
More file actions
38 lines (27 loc) · 1.28 KB
/
_headers
File metadata and controls
38 lines (27 loc) · 1.28 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
# Netlify/Cloudflare Pages _headers file
# This file can be placed in your static/ directory to set security headers
# It works with Netlify and Cloudflare Pages
/*
# Content Security Policy
Content-Security-Policy: default-src 'self'; script-src 'self' https://kit.fontawesome.com 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https:; font-src 'self' https://kit.fontawesome.com https://fonts.gstatic.com; connect-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'
# Prevent clickjacking attacks
X-Frame-Options: DENY
# Prevent MIME type sniffing
X-Content-Type-Options: nosniff
# Enable XSS protection
X-XSS-Protection: 1; mode=block
# Control referrer information
Referrer-Policy: strict-origin-when-cross-origin
# Control browser features
Permissions-Policy: geolocation=(), microphone=(), camera=()
# Force HTTPS (uncomment after confirming HTTPS works)
# Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
# Cache static assets
/css/*
Cache-Control: public, max-age=31536000, immutable
/js/*
Cache-Control: public, max-age=31536000, immutable
/fonts/*
Cache-Control: public, max-age=31536000, immutable
/images/*
Cache-Control: public, max-age=31536000, immutable