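# Response headers attached to every path served by this app.
# `pattern: '**'` matches all requests, so each header below is sent unconditionally.
customHeaders:
  - pattern: '**'
    headers:
      # Force HTTPS for one year on this host and all subdomains.
      - key: Strict-Transport-Security
        value: max-age=31536000; includeSubDomains
      # Refuse to be framed by any origin (legacy clickjacking control; the
      # CSP `frame-ancestors` directive below is its modern equivalent).
      - key: X-Frame-Options
        value: DENY
      # The legacy XSS auditor has been removed from current browsers, and on
      # older ones the filter itself could be abused to leak page content, so
      # the recommended value is now `0` (explicitly off) rather than the
      # previous `1; mode=block`. Quoted so it stays a string, not an int.
      - key: X-XSS-Protection
        value: '0'
      # Stop MIME-type sniffing of responses.
      - key: X-Content-Type-Options
        value: nosniff
      # Never send a Referer header, to any origin.
      - key: Referrer-Policy
        value: no-referrer
      # Deny powerful browser features to this origin and all embedded frames.
      # `interest-cohort` (FLoC) no longer exists in browsers; keeping it is
      # harmless but it can be dropped when the policy is next revised.
      - key: Permissions-Policy
        value: >-
          accelerometer=(), camera=(), geolocation=(), gyroscope=(),
          magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=()
      # Enforcing CSP (not Report-Only); violations are also posted to report-uri.
      # Known weaknesses left in place because fixing them needs site changes:
      #   - script-src carries 'unsafe-inline', which disables CSP's protection
      #     against injected inline scripts; replacing it with nonces or hashes
      #     for the tag-manager / analytics snippets would close that gap.
      #   - img-src and style-src allow any `https:` origin.
      # Changes made here: 'strict-dynamic' was removed from style-src because
      # that keyword is only honoured in script-src and was a no-op there, and
      # `frame-ancestors 'none'` was added to match X-Frame-Options: DENY.
      # NOTE(review): the `[email protected]` segment in font-src looks like an
      # extraction artifact of a package path (unpkg.com/@<scope>/<pkg>@<ver>/)
      # rather than a real value — confirm against the deployed header.
      - key: Content-Security-Policy
        value: >-
          report-uri https://csp-report-to.security.cdssandbox.xyz/report;
          default-src 'self' https://kit.fontawesome.com/ https://cdn.jsdelivr.net/npm/;
          font-src 'self' fonts.gstatic.com https://unpkg.com/[email protected]/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/;
          script-src 'self' 'wasm-unsafe-eval' www.googletagmanager.com www.google-analytics.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cdn.jsdelivr.net/npm/ 'unsafe-inline';
          frame-src www.googletagmanager.com www.google-analytics.com https://cds-snc.github.io/;
          frame-ancestors 'none';
          connect-src 'self' www.googletagmanager.com www.google-analytics.com www.canada.ca;
          img-src 'self' data: https: www.w3.org;
          style-src 'unsafe-inline' https: 'self' https://fonts.googleapis.com;
          base-uri 'self';
          form-action 'self';
          object-src 'none'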