www/deploy/headers_secure.conf

# A+ on https://securityheaders.io/
add_header X-Frame-Options deny;
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options nosniff;
add_header Referrer-Policy strict-origin;
add_header Cache-Control no-transform;
add_header Content-Security-Policy "script-src 'unsafe-inline'";
add_header Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()";
# 6 months HSTS pinning
add_header Strict-Transport-Security max-age=16000000;
Added container building script and kubernetes manifest 2021-11-13 18:42:52 +01:00			`# A+ on https://securityheaders.io/`
			`add_header X-Frame-Options deny;`
			`add_header X-XSS-Protection "1; mode=block";`
			`add_header X-Content-Type-Options nosniff;`
			`add_header Referrer-Policy strict-origin;`
			`add_header Cache-Control no-transform;`
Fixed CSP 2023-10-01 22:43:00 +02:00			`add_header Content-Security-Policy "script-src 'unsafe-inline'";`
Added container building script and kubernetes manifest 2021-11-13 18:42:52 +01:00			`add_header Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()";`
			`# 6 months HSTS pinning`
			`add_header Strict-Transport-Security max-age=16000000;`