Diffstat (limited to 'config/_default/server.toml')
| -rw-r--r-- | config/_default/server.toml | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/config/_default/server.toml b/config/_default/server.toml
new file mode 100644
index 0000000..c80d88d
--- /dev/null
+++ b/config/_default/server.toml
@@ -0,0 +1,40 @@
+[[headers]]
+for = '/**'
+[headers.values]
+ Strict-Transport-Security = "max-age=31536000; includeSubDomains; preload"
+ X-Content-Type-Options = "nosniff"
+ X-XSS-Protection = "1; mode=block"
+ Content-Security-Policy = """\
+ default-src 'self'; \
+ script-src 'self' https://*.google-analytics.com https://*.googletagmanager.com; \
+ style-src 'self' https://fonts.googleapis.com https://www.youtube.com; \
+ object-src 'none'; \
+ base-uri 'self'; \
+ connect-src 'self'
+ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; \
+ font-src 'self' https://fonts.gstatic.com; \
+ frame-src 'self' https://www.youtube-nocookie.com https://www.youtube.com; \
+ img-src 'self' data: https://i.vimeocdn.com https://i.ytimg.com https://*.google-analytics.com https://*.googletagmanager.com https://tile.openstreetmap.org; \
+ manifest-src 'self'; \
+ media-src 'self' \
+ """
+ X-Frame-Options = "SAMEORIGIN"
+ Referrer-Policy = "strict-origin"
+ Permissions-Policy = """\
+ geolocation=(), \
+ midi=(), \
+ sync-xhr=(), \
+ microphone=(), \
+ camera=(), \
+ magnetometer=(), \
+ gyroscope=(), \
+ fullscreen=(), \
+ payment=() \
+ """
+ cache-control = """\
+ max-age=0, \
+ no-cache, \
+ no-store, \
+ must-revalidate \
+ """
+ Access-Control-Allow-Origin = "*" |
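Review bot: The `connect-src 'self'` line inside Content-Security-Policy (hunk lines 13–14) is the only continuation line without a trailing backslash, so the TOML multi-line basic string keeps a literal newline between `'self'` and the Google hosts and the header value is emitted with an embedded line break, or mangled by whatever the serving layer does with it; add the line-ending backslash, `connect-src 'self' \`, to match the neighbouring directives. Separately, `Access-Control-Allow-Origin = "*"` under `for = '/**'` attaches to every response, including HTML pages, which is broader than anything the listed third-party origins need; if this `server.toml` only drives Hugo's development server that is low risk, otherwise consider scoping it to the asset paths that are actually fetched cross-origin. `X-XSS-Protection = "1; mode=block"` is a legacy header that current browsers ignore and older ones implemented with known side effects; with a CSP in place the usual recommendation is `X-XSS-Protection = "0"` or dropping the header.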
