Configure headers for netlify

author: Alan Pearce 2023-09-02 18:39:05 +0200
committer: Alan Pearce 2023-09-02 18:39:05 +0200
commit: edfec31a52c4548100ba845dc16df4c046f59042 (patch)
tree: 9c6fc877db94d97d9c9d895bd7bf5b42c68976af
parent: a1bcb91851d84d3796a8a281af8d01ce0a79a3fc (diff)
download: zola-bearblog-edfec31a52c4548100ba845dc16df4c046f59042.tar.lz
zola-bearblog-edfec31a52c4548100ba845dc16df4c046f59042.tar.zst
zola-bearblog-edfec31a52c4548100ba845dc16df4c046f59042.zip
1 files changed, 10 insertions, 0 deletions
diff --git a/netlify.toml b/netlify.toml
index 112bf78..422ca3b 100644
--- a/netlify.toml
+++ b/netlify.toml
@@ -13,3 +13,13 @@ ZOLA_VERSION = "0.17.2"
 
 [context.deploy-preview]
 command = "zola build --base-url $DEPLOY_PRIME_URL"
+
+[[headers]]
+  for = "/*"
+  [headers.values]
+    X-Frame-Options = "DENY"
+    X-Content-Type-Options = "nosniff"
+    X-XSS-Protection = "1; mode=block"
+    Referrer-Policy = "strict-origin-when-cross-origin"
+    Strict-Transport-Security = "max-age=63072000; includeSubdomains"
+    Content-Security-Policy = "default-src 'none'; img-src 'self'; object-src 'none'; script-src 'none'; style-src 'unsafe-inline'; frame-ancestors 'none'"
author	Alan Pearce	2023-09-02 18:39:05 +0200
committer	Alan Pearce	2023-09-02 18:39:05 +0200
commit	edfec31a52c4548100ba845dc16df4c046f59042 (patch)
tree	9c6fc877db94d97d9c9d895bd7bf5b42c68976af
parent	a1bcb91851d84d3796a8a281af8d01ce0a79a3fc (diff)
download	zola-bearblog-edfec31a52c4548100ba845dc16df4c046f59042.tar.lz zola-bearblog-edfec31a52c4548100ba845dc16df4c046f59042.tar.zst zola-bearblog-edfec31a52c4548100ba845dc16df4c046f59042.zip