-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path_headers
More file actions
24 lines (20 loc) · 1.4 KB
/
_headers
File metadata and controls
24 lines (20 loc) · 1.4 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
# Netlify / Cloudflare Pages header rules.
# Mirrors vercel.json. Keep in sync when either changes.
#
# Netlify: https://docs.netlify.com/routing/headers/
# Cloudflare Pages: https://developers.cloudflare.com/pages/configuration/headers/
/*
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: camera=(), microphone=(), geolocation=(), payment=(), usb=(), magnetometer=(), gyroscope=()
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Content-Security-Policy: default-src 'self'; script-src 'self' 'sha256-M2waZU0+aDDZeRNrYpQnZmzs31SJjHqWBvNiBIBwwUU=' https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com; style-src-attr 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net; img-src 'self' data: blob: https:; connect-src 'self' https://cdn.jsdelivr.net https://api.github.com https://raw.githubusercontent.com; worker-src 'self' blob:; frame-src 'self'; frame-ancestors 'none'; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; upgrade-insecure-requests
/service-worker.js
Cache-Control: public, max-age=0, must-revalidate
Service-Worker-Allowed: /
/icons/*
Cache-Control: public, max-age=31536000, immutable
/og-image.png
Cache-Control: public, max-age=31536000, immutable