From 9cb96154de0697105ab4f473f23e4c4abf6e204e Mon Sep 17 00:00:00 2001
From: mat ess
Date: Thu, 20 Oct 2022 21:41:27 -0400
Subject: [PATCH] Add headers for redirect

---
 netlify.toml | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/netlify.toml b/netlify.toml
index c91c724..4c06783 100644
--- a/netlify.toml
+++ b/netlify.toml
@@ -11,6 +11,23 @@
 from = "https://mat-services.netlify.app/*"
 to = "https://mat.services/:splat"
 force = true
+
+ [redirects.headers]
+ # disable FLoC tracking
+ Permissions-Policy = "interest-cohort=()"
+ # enable HSTS
+ Strict-Transport-Security = "max-age=63072000; includeSubDomains; preload"
+ # disable clients from sniffing the media type
+ X-Content-Type-Options = "nosniff"
+ # clickjacking protection
+ X-Frame-Options = "DENY"
+ # keep referrer data off of HTTP connections
+ Referrer-Policy = "no-referrer"
+ # content security policy
+ # style-src 'unsafe-inline': syntax highlighting in codefences
+ # sandbox allow-popups: enable target="_blank" links to open in new tabs
+ Content-Security-Policy = "default-src 'none'; img-src 'self' https://mat.services https://stats.mat.services; style-src 'self' https://mat.services 'unsafe-inline'; font-src 'self' https://mat.services; script-src 'self' https://mat.services https://stats.mat.services; form-action 'none'; frame-ancestors 'none'; base-uri 'none'; upgrade-insecure-requests; sandbox allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox"
+
 [[headers]]
 for = "/*"
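Review bot: The new `[redirects.headers]` table may not do what its comments intend: as far as I know, Netlify's `headers` key on a redirect rule sets request headers forwarded on proxied (status 200) rewrites, not response headers returned to the browser, so HSTS, CSP and the rest would likely be absent from the redirect response served by the netlify.app host. The rule's `[[redirects]]` line and any `status` key sit outside the hunk, so confirm against the full file and with a `curl -I` of the old host after deploy. If response headers are the goal, a `[[headers]]` rule with a `[headers.values]` table is the documented place for them. Separately, the comment above `Referrer-Policy` understates the value: `no-referrer` drops the Referer header on every request, so `# never send a Referer header` would describe it accurately.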