diff options
author | Alan Pearce | 2024-07-04 21:13:10 +0200 |
---|---|---|
committer | Alan Pearce | 2024-07-04 21:13:10 +0200 |
commit | 612e4d3bac02ad9293305c4298886c3906c2cddb (patch) | |
tree | ba05d56b73c56419eb9e3b541d84d9a022826734 | |
parent | 7400b2527aa7689cec3ed6a8d3382d20c067d88d (diff) | |
download | zola-bearblog-612e4d3bac02ad9293305c4298886c3906c2cddb.tar.lz zola-bearblog-612e4d3bac02ad9293305c4298886c3906c2cddb.tar.zst zola-bearblog-612e4d3bac02ad9293305c4298886c3906c2cddb.zip |
add headers for cloudflare pages
-rw-r--r-- | static/_headers | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/static/_headers b/static/_headers new file mode 100644 index 0000000..e9c6024 --- /dev/null +++ b/static/_headers @@ -0,0 +1,13 @@ +# This _headers file is used to set headers on cloudflare pages: https://developers.cloudflare.com/pages/configuration/headers/ +# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy (disabled everything except autoplay, local-fonts, screen-wake-lock, speaker-selection) +# opt out of Federated Learning of Cohorts (aka "FLoC") - https://amifloced.org/ +/* + X-Frame-Options: DENY + X-Content-Type-Options: nosniff + X-XSS-Protection: 1; mode=block + Referrer-Policy: strict-origin-when-cross-origin + Strict-Transport-Security: max-age=63072000; includeSubdomains + Permissions-Policy: interest-cohort=(), accelerometer=(), ambient-light-sensor=(), battery=(), bluetooth=(), browsing-topics=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), identity-credentials-get=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-create=(), publickey-credentials-get=(), serial=(), storage-access=(), sync-xhr=(), usb=(), web-share=(), window-management=(), xr-spatial-tracking=() + Content-Security-Policy: default-src 'none'; img-src 'self'; object-src 'none'; script-src 'none'; style-src 'sha256-p5EfRIhWJi7Zh7WJil3mpIVCZvcu+zebWbMe6B0so8A='; form-action 'none'; base-uri 'self'; frame-ancestors 'none' + Cross-Origin-Resource-Policy: same-site + Cache-Control: max-age=300, s-maxage=86400, stale-while-revalidate |