- {{- $csp_policy := site.Params.security.csp.policy | default "" -}}
- {{- $csp_report_only := site.Params.security.csp.report_only | default false -}}
- # Netlify headers
- # Automatically generated
- # Documentation: http://bit.ly/netlify-deployment
- /*
- X-Frame-Options: DENY
- X-XSS-Protection: 1; mode=block
- X-Content-Type-Options: nosniff
- Strict-Transport-Security: max-age=31536000; includeSubDomains
- {{with $csp_policy}}Content-Security-Policy{{if $csp_report_only}}-Report-Only{{end}}: {{.}}{{end}}
- /index.webmanifest
- Content-Type: application/manifest+json
- /index.xml
- Content-Type: application/rss+xml
|
