_headers
# NOTE: This file uses Netlify / Cloudflare Pages syntax. GitHub Pages — which
# serves this site today — silently IGNORES the rules below. The values are
# kept here as a single source of truth for an eventual move to Cloudflare
# Pages or Netlify, and as a reference for the security headers the project
# intends to enforce in production. The subset of headers that browsers honour
# from in-document <meta http-equiv> tags is mirrored elsewhere in the site
# chrome where applicable; CSP via <meta> is intentionally not added here
# because it cannot express the same directive set as a real HTTP header.
/*
  X-Frame-Options: DENY
  X-Content-Type-Options: nosniff
  X-XSS-Protection: 1; mode=block
  Referrer-Policy: strict-origin-when-cross-origin
  Permissions-Policy: camera=(), microphone=(), geolocation=()
  Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' https:;
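
A check for the gap the comment describes (rules present in `_headers` but not served by the current host), as an added example that is not part of this repository: it parses the `_headers` syntax, diffs the intended headers against a response's headers, and lists the CSP directives that still allow `'unsafe-inline'`. `SERVED_SAMPLE` is a constructed response and the function names are hypothetical.

```python
# Added example: parse _headers syntax and diff it against served headers.
HEADERS_FILE = """\
/*
  X-Frame-Options: DENY
  X-Content-Type-Options: nosniff
  X-XSS-Protection: 1; mode=block
  Referrer-Policy: strict-origin-when-cross-origin
  Permissions-Policy: camera=(), microphone=(), geolocation=()
  Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' https:;
"""
# Constructed sample: headers from a host that does not apply the file.
SERVED_SAMPLE = {
    "Content-Type": "text/html; charset=utf-8",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "no-referrer",
}

def parse_headers_file(text):
    """Return {path_pattern: {lowercased_header_name: value}}."""
    rules, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank line or comment
        if raw[0] not in " \t":  # an unindented line opens a new path block
            current = rules.setdefault(raw.strip(), {})
        elif current is not None and ":" in raw:
            name, value = raw.split(":", 1)  # split on the first colon only
            current[name.strip().lower()] = value.strip()
    return rules

def audit(expected, served):
    """List (status, header) pairs where the response differs from the file."""
    served = {k.lower(): v.strip() for k, v in served.items()}
    findings = []
    for name, want in expected.items():
        if name not in served:
            findings.append(("missing", name))
        elif served[name] != want:
            findings.append(("mismatch", name))
    return findings

def csp_unsafe_inline(csp):
    """Return the CSP directives whose source list contains 'unsafe-inline'."""
    parts = [d.split() for d in csp.split(";")]
    return [p[0] for p in parts if "'unsafe-inline'" in p[1:]]

if __name__ == "__main__":
    rules = parse_headers_file(HEADERS_FILE)["/*"]
    print(audit(rules, SERVED_SAMPLE))
    print(csp_unsafe_inline(rules["content-security-policy"]))
```

Passing the headers of a real response in place of `SERVED_SAMPLE` turns this into a deployment check that fails when the host drops or alters the intended headers.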