Add headers to caddy

2022-08-13 00:48:18 -04:00 · 2022-08-13 00:48:18 -04:00 · ad95f86290
parent 7d3a5e35da
commit ad95f86290
1 changed files with 23 additions and 0 deletions
--- a/static/Caddyfile
+++ b/static/Caddyfile
@ -9,6 +9,7 @@ http://static-mat-services.fly.dev/ {

 :8080 {
  root * /var/www
+  encode gzip
  file_server

  handle_errors {
@ -18,4 +19,26 @@ http://static-mat-services.fly.dev/ {
    rewrite @404 /404.html
    file_server
  }
+
+  header {
+    # disable FLoC tracking
+    Permissions-Policy interest-cohort=()
+    # enable HSTS
+    # currently ramping up max-age as per https://hstspreload.org/
+    Strict-Transport-Security max-age=300; includeSubDomains
+    # disable clients from sniffing the media type
+    X-Content-Type-Options nosniff
+    # clickjacking protection
+    X-Frame-Options DENY
+    # keep referrer data off of HTTP connections
+    Referrer-Policy strict-origin-when-cross-origin
+    # content security policy
+    Content-Security-Policy "default-src 'none';
+      img-src 'self';
+      style-src https://cdn.jsdelivr.net/;
+      frame-ancestors 'none';
+      base-uri 'none';
+      upgrade-insecure-requests;
+      sandbox allow-same-origin"
+  }
 }