diff --git a/netlify.toml b/netlify.toml index b2db5df..bff6125 100644 --- a/netlify.toml +++ b/netlify.toml @@ -1,13 +1,13 @@ [[headers]] for = "/*" [headers.values] - Strict-Transport-Security: max-age=63072000; includeSubDomains; preload - Content-Security-Policy : child-src 'self'; connect-src 'self'; font-src 'self'; manifest-src 'self'; form-action 'none'; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none' - X-Content-Type-Options : nosniff - Referrer-Policy : no-referrer - Cross-Origin-Opener-Policy : same-origin - Cross-Origin-Embedder-Policy : require-corp - X-Frame-Options : DENY - X-XSS-Protection : 0 - Permissions-Policy : accelerometer=(), autoplay=(), camera=(), clipboard-read=(), clipboard-write=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), xr-spatial-tracking=() - Cross-Origin-Resource-Policy : same-origin \ No newline at end of file + Strict-Transport-Security = max-age=63072000; includeSubDomains; preload + Content-Security-Policy = child-src 'self'; connect-src 'self'; font-src 'self'; manifest-src 'self'; form-action 'none'; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none' + X-Content-Type-Options = nosniff + Referrer-Policy = no-referrer + Cross-Origin-Opener-Policy = same-origin + Cross-Origin-Embedder-Policy = require-corp + X-Frame-Options = DENY + X-XSS-Protection = 0 + Permissions-Policy = accelerometer=(), autoplay=(), camera=(), clipboard-read=(), clipboard-write=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), xr-spatial-tracking=() + Cross-Origin-Resource-Policy = same-origin \ No newline at end of file