about summary refs log tree commit diff stats
diff options
context:
space:
mode:
authorAlan Pearce2023-09-02 18:39:05 +0200
committerAlan Pearce2023-09-02 18:39:05 +0200
commitedfec31a52c4548100ba845dc16df4c046f59042 (patch)
tree9c6fc877db94d97d9c9d895bd7bf5b42c68976af
parenta1bcb91851d84d3796a8a281af8d01ce0a79a3fc (diff)
downloadzola-bearblog-edfec31a52c4548100ba845dc16df4c046f59042.tar.lz
zola-bearblog-edfec31a52c4548100ba845dc16df4c046f59042.tar.zst
zola-bearblog-edfec31a52c4548100ba845dc16df4c046f59042.zip
Configure headers for netlify
-rw-r--r--netlify.toml10
1 files changed, 10 insertions, 0 deletions
diff --git a/netlify.toml b/netlify.toml
index 112bf78..422ca3b 100644
--- a/netlify.toml
+++ b/netlify.toml
@@ -13,3 +13,13 @@ ZOLA_VERSION = "0.17.2"
 
 [context.deploy-preview]
 command = "zola build --base-url $DEPLOY_PRIME_URL"
+
+[[headers]]
+  for = "/*"
+  [headers.values]
+    X-Frame-Options = "DENY"
+    X-Content-Type-Options = "nosniff"
+    X-XSS-Protection = "1; mode=block"
+    Referrer-Policy = "strict-origin-when-cross-origin"
+    Strict-Transport-Security = "max-age=63072000; includeSubdomains"
+    Content-Security-Policy = "default-src 'none'; img-src 'self'; object-src 'none'; script-src 'none'; style-src 'unsafe-inline'; frame-ancestors 'none'"