forked from thedaviddias/Front-End-Checklist
_headers
/*
  X-Frame-Options: DENY
  X-XSS-Protection: 1; mode=block
  # Prevent browsers from incorrectly detecting non-scripts as scripts
  X-Content-Type-Options: nosniff
  # Don't load any resource type not explicitly enabled
  # Disable plugins like Flash or Silverlight
  # Load images, scripts, stylesheets and fonts from self
  # Send reports to report-uri.io
  # Content-Security-Policy: default-src 'self' everywhere-8a59.kxcdn.com; object-src 'none'; img-src https: app.codesponsor.io www.google.com; script-src https: www.google-analytics.com ajax.googleapis.com platform.twitter.com buttons.github.io; style-src https: ; font-src https: ; report-uri https://frontendchecklist.report-uri.io/r/default/csp/enforce;
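
The Content-Security-Policy line in the `_headers` file above starts with `#`, so only the three `X-` headers are actually sent. The following added example (not part of the repository) is a small audit that separates active headers from commented-out ones and inspects the disabled policy; the function names `parse_headers`, `parse_csp` and `audit` and the finding strings are made up for this illustration, and the embedded sample is an excerpt of the file shown on this page.

```python
import re

# Excerpt of the _headers file shown above, embedded so this runs offline.
HEADERS_FILE = """\
/*
  X-Frame-Options: DENY
  X-XSS-Protection: 1; mode=block
  # Prevent browsers from incorrectly detecting non-scripts as scripts
  X-Content-Type-Options: nosniff
  # Content-Security-Policy: default-src 'self' everywhere-8a59.kxcdn.com; object-src 'none'; img-src https: app.codesponsor.io www.google.com; script-src https: www.google-analytics.com ajax.googleapis.com platform.twitter.com buttons.github.io; style-src https: ; font-src https: ; report-uri https://frontendchecklist.report-uri.io/r/default/csp/enforce;
"""

HEADER_RE = re.compile(r"^([A-Za-z][A-Za-z0-9-]*):\s*(.*)$")

def parse_headers(text):
    """Return (active, disabled): path -> {lowercased header name: value}."""
    active, disabled, path = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        commented = line.startswith("#")
        match = HEADER_RE.match(line.lstrip("#").strip())
        if match and path is not None:
            bucket = disabled if commented else active
            bucket.setdefault(path, {})[match.group(1).lower()] = match.group(2)
        elif line and not commented and not raw[0].isspace():
            path = line  # an unindented non-comment line opens a path block
    return active, disabled

def parse_csp(value):
    """Split a CSP value into {directive: [source expressions]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])  # first one wins
    return policy

def audit(text, path="/*"):
    """Return findings for the CSP set (or commented out) under path."""
    active, disabled = parse_headers(text)
    name, findings = "content-security-policy", []
    value = active.get(path, {}).get(name)
    if value is None:
        value = disabled.get(path, {}).get(name)
        findings.append("csp-commented-out" if value else "csp-missing")
    for directive, sources in parse_csp(value or "").items():
        if directive in ("default-src", "script-src") and "https:" in sources:
            findings.append(f"{directive}: 'https:' allows any HTTPS host")
    return findings
```

Calling `audit(HEADERS_FILE)` reports both that the policy is disabled and that, if it were re-enabled as written, the `https:` scheme source in `script-src` would permit scripts from any HTTPS origin, not only the hosts listed after it.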