{{- $csp_policy := site.Params.security.csp.policy | default "" -}}
{{- $csp_report_only := site.Params.security.csp.report_only | default false -}}
{{- $permissions_policy := site.Params.security.permissions.policy | default "" -}}
# Netlify headers
# Automatically generated
# Documentation: http://bit.ly/netlify-deployment
/*
  X-Frame-Options: DENY
  X-XSS-Protection: 1; mode=block
  X-Content-Type-Options: nosniff
  Strict-Transport-Security: max-age=31536000; includeSubDomains
  {{with $csp_policy}}Content-Security-Policy{{if $csp_report_only}}-Report-Only{{end}}: {{.}}{{end}}
  {{with $permissions_policy}}Permissions-Policy: {{.}}{{end}}
/index.webmanifest
  Content-Type: application/manifest+json
/index.xml
  Content-Type: application/rss+xml