_headers
# NOTE: As of v3.0.1 the security headers are also served via <meta http-equiv>
# tags in every HTML page (see scripts/check-csp-meta.sh). This file remains
# for completeness when this site is mirrored to a CDN that honours _headers
# (Netlify, Cloudflare Pages). GitHub Pages itself ignores _headers — the
# <meta> tags are the operative defence on the live site.
/*
  X-Frame-Options: DENY
  X-Content-Type-Options: nosniff
  X-XSS-Protection: 1; mode=block
  Referrer-Policy: strict-origin-when-cross-origin
  Permissions-Policy: camera=(), microphone=(), geolocation=()
  Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https://api.github.com; frame-ancestors 'none'; base-uri 'self'; form-action 'self'
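
Since GitHub Pages ignores `_headers` and the live site depends on `<meta>` tags, it is worth checking which of these rules a browser will enforce from markup at all. The following is an added example, not part of this repository and not its `scripts/check-csp-meta.sh`; the function names are hypothetical. It parses the block above and separates what a `<meta>` tag can carry from what only takes effect as a real HTTP response header.

```python
# Added example: which rules from this page's _headers block can a <meta> tag enforce?
SAMPLE = """\
/*
  X-Frame-Options: DENY
  X-Content-Type-Options: nosniff
  X-XSS-Protection: 1; mode=block
  Referrer-Policy: strict-origin-when-cross-origin
  Permissions-Policy: camera=(), microphone=(), geolocation=()
  Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https://api.github.com; frame-ancestors 'none'; base-uri 'self'; form-action 'self'
"""

# CSP directives that browsers ignore when the policy arrives in a <meta> element.
CSP_META_IGNORED = {"frame-ancestors", "report-uri", "sandbox"}


def parse_headers(text):
    """Parse Netlify/Cloudflare Pages style _headers text into {path: {name: value}}."""
    rules, path = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):  # a path line opens a new block
            path = line
            rules.setdefault(path, {})
        elif ":" in line and path is not None:
            name, value = line.split(":", 1)  # split on the first colon only
            rules[path][name.strip()] = value.strip()
    return rules


def meta_coverage(headers):
    """Return (enforceable_from_markup, needs_real_http_header) for one path's headers."""
    from_markup, header_only = {}, {}
    for name, value in headers.items():
        lname = name.lower()
        if lname == "content-security-policy":
            directives = [d.strip() for d in value.split(";") if d.strip()]
            dropped = [d for d in directives if d.split()[0].lower() in CSP_META_IGNORED]
            from_markup[name] = "; ".join(d for d in directives if d not in dropped)
            if dropped:
                header_only[name] = "; ".join(dropped)
        elif lname == "referrer-policy":
            from_markup[name] = value  # markup form is <meta name="referrer">
        else:
            header_only[name] = value  # X-Frame-Options etc. are header-only
    return from_markup, header_only


if __name__ == "__main__":
    for name, value in meta_coverage(parse_headers(SAMPLE)["/*"])[1].items():
        print(f"needs HTTP header: {name}: {value}")
```

Both `X-Frame-Options` and `frame-ancestors` land in the header-only set, so the framing restrictions in this file apply only where a host actually serves `_headers`.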