Update security headers
h-enk opened this issue · comments
Henk Verlinde commented
```
/*
  Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
  X-Content-Type-Options: nosniff
  X-XSS-Protection: 1; mode=block
  Content-Security-Policy: default-src 'self'; img-src 'self'; object-src 'none'
  X-Frame-Options: SAMEORIGIN
  Referrer-Policy: strict-origin
  Feature-Policy: vibrate 'self'; usermedia *; sync-xhr 'self' https://getvalidate.com
  Cache-Control: public, max-age=31536000
```
Henk Verlinde commented
Allow for data:image/svg+xml;base64:

```
Content-Security-Policy: default-src 'self'; img-src 'self' data:; object-src 'none'
```
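Why the `data:` source in the comment above matters, as an added example that is not part of the issue or the project's code: a simplified CSP source-list matcher evaluates an inline base64 SVG against both policies. The origin `https://site.example`, the image URLs and the function names are constructed for illustration.

```javascript
// Added example: simplified CSP source-list matching for image loads.
// Covers 'none', 'self', '*', scheme sources (data:) and exact-origin sources;
// host wildcards, paths, nonces and hashes are out of scope.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    // Per CSP parsing, a repeated directive is ignored; the first one wins.
    if (name && !policy.has(name.toLowerCase())) {
      policy.set(name.toLowerCase(), sources);
    }
  }
  return policy;
}

function imageAllowed(header, pageOrigin, imageUrl) {
  const policy = parseCsp(header);
  // img-src falls back to default-src; with neither, images are unrestricted.
  const sources = policy.get('img-src') ?? policy.get('default-src');
  if (sources === undefined) return true;
  const url = new URL(imageUrl, pageOrigin);
  return sources.some((src) => {
    const s = src.toLowerCase();
    if (s === "'none'") return false;
    // A data: URL has an opaque origin, so 'self' can never match it.
    if (s === "'self'") return url.origin === new URL(pageOrigin).origin;
    // '*' does not cover data:, blob: or filesystem: (simplified to http/https).
    if (s === '*') return ['http:', 'https:'].includes(url.protocol);
    if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return url.protocol === s;
    try { return new URL(s).origin === url.origin; } catch { return false; }
  });
}

// Policies quoted from the issue; origin and image URLs are constructed samples.
const ORIGINAL = "default-src 'self'; img-src 'self'; object-src 'none'";
const UPDATED = "default-src 'self'; img-src 'self' data:; object-src 'none'";
const ORIGIN = 'https://site.example';
const INLINE_SVG =
  'data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciLz4=';

function report() {
  return [ORIGINAL, UPDATED].map((csp) => ({
    inlineSvg: imageAllowed(csp, ORIGIN, INLINE_SVG),
    sameOrigin: imageAllowed(csp, ORIGIN, '/logo.png'),
    thirdParty: imageAllowed(csp, ORIGIN, 'https://cdn.example/x.png'),
  }));
}
console.log(report());
```

The `data:` scheme source admits every `data:` image, not only SVG, while third-party hosts stay blocked under both policies.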
Henk Verlinde commented
```
Feature-Policy: geolocation 'self'
```