-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path_headers
More file actions
24 lines (21 loc) · 1.06 KB
/
_headers
File metadata and controls
24 lines (21 loc) · 1.06 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
# Security headers for all pages
/*
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https://static.cloudflareinsights.com; font-src 'self' https://fonts.gstatic.com; script-src 'self' https://static.cloudflareinsights.com; connect-src 'self' https://cloudflareinsights.com
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Referrer-Policy: same-origin
Permissions-Policy: camera=(), microphone=(), geolocation=()
Cache-Control: public, max-age=3600, stale-while-revalidate=86400
# Long cache for images (31 days, immutable)
/images/*
Cache-Control: public, max-age=2678400, immutable
# RSS feed headers
/rss.xml
Content-Type: application/rss+xml; charset=utf-8
Cache-Control: public, max-age=3600, stale-while-revalidate=86400
# JSON feed headers
/feed.json
Content-Type: application/feed+json; charset=utf-8
Cache-Control: public, max-age=3600, stale-while-revalidate=86400