@emersion
Created July 30, 2018 12:45
Caddy strict security headers
header / {
	# Legacy XSS filter control for older browsers
	X-XSS-Protection "1; mode=block"
	# Disable MIME type sniffing
	X-Content-Type-Options "nosniff"
	# Forbid framing of the site (legacy counterpart of frame-ancestors 'none')
	X-Frame-Options "DENY"
	# Never send a Referer header
	Referrer-Policy "no-referrer"
	# Deny by default, then allow individual resource types
	Content-Security-Policy "default-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none'; img-src https:; font-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'none'; form-action 'self'; worker-src 'none'; frame-src https://youtube-nocookie.com;"
	# Restrict browser features; only fullscreen and picture-in-picture stay enabled, same-origin only
	Feature-Policy "accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; camera 'none'; encrypted-media 'none'; fullscreen 'self'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'self'; speaker 'none'; usb 'none'; vr 'none';"
}
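
An added example, not part of the gist: a small Python audit that parses the Content-Security-Policy value above and resolves which source list governs a given directive, including ones the policy never names. The function names and the RISKY list are assumptions made for this illustration; the fallback chains follow CSP Level 3.

```python
# Added example (not from the gist): resolve what a CSP effectively allows.
# GIST_CSP is copied from the Caddyfile above; function names are hypothetical.
GIST_CSP = ("default-src 'none'; object-src 'none'; base-uri 'self'; "
            "frame-ancestors 'none'; img-src https:; font-src 'self'; "
            "style-src 'self' 'unsafe-inline'; script-src 'none'; "
            "form-action 'self'; worker-src 'none'; "
            "frame-src https://youtube-nocookie.com;")

# CSP Level 3 fallback chains; fetch directives not listed here fall back
# straight to default-src.
CHAINS = {
    "frame-src": ["child-src", "default-src"],
    "worker-src": ["child-src", "script-src", "default-src"],
    "script-src-elem": ["script-src", "default-src"],
    "style-src-elem": ["style-src", "default-src"],
}
# These are never covered by default-src and must be set explicitly.
NO_FALLBACK = ("base-uri", "form-action", "frame-ancestors")
# Sources that widen a policy (list chosen for this example).
RISKY = ("'unsafe-inline'", "'unsafe-eval'", "*", "http:", "https:", "data:")

def parse_csp(policy):
    """Split a policy into {directive: [sources]}; first duplicate wins."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives

def effective(directives, name):
    """Return the source list governing `name`, or None if unrestricted."""
    if name in NO_FALLBACK:
        return directives.get(name)
    for candidate in [name] + CHAINS.get(name, ["default-src"]):
        if candidate in directives:
            return directives[candidate]
    return None

def findings(directives):
    """List directives left open and sources that widen the policy."""
    out = [f"{n} is not set and default-src does not cover it"
           for n in NO_FALLBACK if n not in directives]
    out += [f"{n} allows {s}" for n, srcs in directives.items()
            for s in srcs if s in RISKY]
    return out

if __name__ == "__main__":
    d = parse_csp(GIST_CSP)
    print(effective(d, "connect-src"), findings(d))
```

For the gist's policy, unnamed fetch directives such as connect-src and media-src resolve to `'none'`, and the only widening sources reported are the scheme-wide `https:` on img-src and `'unsafe-inline'` on style-src.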