2022-10-21 01:05:24 +00:00
|
|
|
/*
|
|
|
|
# disable FLoC tracking
|
|
|
|
Permissions-Policy: interest-cohort=()
|
|
|
|
# enable HSTS
|
|
|
|
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
|
|
|
|
# disable clients from sniffing the media type
|
|
|
|
X-Content-Type-Options: nosniff
|
|
|
|
# clickjacking protection
|
|
|
|
X-Frame-Options: DENY
|
|
|
|
# keep referrer data off of HTTP connections
|
|
|
|
Referrer-Policy: no-referrer
|
|
|
|
# content security policy
|
|
|
|
# style-src 'unsafe-inline': syntax highlighting in codefences
|
|
|
|
# sandbox allow-popups: enable target="_blank" links to open in new tabs
|
|
|
|
Content-Security-Policy: default-src 'none';
|
|
|
|
Content-Security-Policy: img-src 'self' https://mat.services https://stats.mat.services;
|
|
|
|
Content-Security-Policy: style-src 'self' https://mat.services 'unsafe-inline';
|
|
|
|
Content-Security-Policy: font-src 'self' https://mat.services;
|
|
|
|
Content-Security-Policy: script-src 'self' https://mat.services https://stats.mat.services;
|
|
|
|
Content-Security-Policy: form-action 'none';
|
|
|
|
Content-Security-Policy: frame-ancestors 'none';
|
|
|
|
Content-Security-Policy: base-uri 'none';
|
|
|
|
Content-Security-Policy: upgrade-insecure-requests;
|
|
|
|
Content-Security-Policy: sandbox allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox;
|