mirror of
https://github.com/PrivSec-dev/privsec.dev
synced 2024-11-17 12:01:35 -05:00
17 lines
1.0 KiB
TOML
17 lines
1.0 KiB
TOML
|
[[headers]]
|
||
|
|
for = "/*"
|
||
|
|
[headers.values]
|
||
|
|
Strict-Transport-Security = "max-age=63072000; includeSubDomains; preload"
|
||
|
|
Content-Security-Policy = "default-src 'self'; script-src 'self' 'unsafe-inline'; form-action 'none'; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none'"
|
||
|
|
X-Content-Type-Options = "nosniff"
|
||
|
|
Referrer-Policy = "no-referrer"
|
||
|
|
Cross-Origin-Opener-Policy = "same-origin"
|
||
|
|
Cross-Origin-Embedder-Policy = "require-corp"
|
||
|
|
X-Frame-Options = "DENY"
|
||
|
|
X-XSS-Protection = "0"
|
||
|
|
Permissions-Policy = "accelerometer=(), autoplay=(), camera=(), clipboard-read=(), clipboard-write=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), xr-spatial-tracking=()"
|
||
|
|
Cross-Origin-Resource-Policy = "same-origin"
|
||
|
|
|
||
|
|
[context.deploy-preview]
|
||
|
|
command = "hugo -b $DEPLOY_PRIME_URL"
|