mirror of
https://github.com/privacyguides/privacyguides.org.git
synced 2024-07-11 13:51:56 +00:00
17 lines
1.2 KiB
Plaintext
17 lines
1.2 KiB
Plaintext
header X-Frame-Options SAMEORIGIN
|
|
header X-Content-Type-Options nosniff
|
|
header X-XSS-Protection 0
|
|
|
|
vars pg_csp_self "https://www.privacyguides.org https://cdn.privacyguides.org 'self'"
|
|
# You can check whether a CSP directive will fall back to default-src on MDN.
|
|
# Add CSP directives WITH a default-src fallback here:
|
|
header +Content-Security-Policy "default-src 'none'; script-src {vars.pg_csp_self} 'unsafe-inline'; style-src {vars.pg_csp_self} 'unsafe-inline'; font-src {vars.pg_csp_self} data:; img-src data: {vars.pg_csp_self}; connect-src https://api.github.com https://*.privacyguides.net {vars.pg_csp_self}; frame-src https://*.privacyguides.net https://snowflake.torproject.org {vars.pg_csp_self}"
|
|
# Add CSP directives WITHOUT a default-src fallback here:
|
|
header +Content-Security-Policy "form-action 'self'; frame-ancestors 'none'; base-uri 'none'; sandbox allow-scripts allow-popups allow-same-origin;"
|
|
|
|
header Permissions-Policy "browsing-topics=(), conversion-measurement=(), interest-cohort=(), accelerometer=(), ambient-light-sensor=(), battery=(), camera=(), display-capture=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), usb=()"
|
|
|
|
header Access-Control-Allow-Origin "*"
|
|
|
|
header @static Cache-Control max-age=2592000
|