_headers
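/*
# Security headers applied to every path on the site.
# HSTS: a browser that has received this header connects to this host and its
# subdomains over HTTPS only, for 31536000 seconds (365 days).
Strict-Transport-Security: max-age=31536000; includeSubDomains
# One Content-Security-Policy header carrying both directives, so the result
# does not depend on how the host combines repeated header names:
#   frame-ancestors 'none'     - no page, same-origin included, may frame this site
#   upgrade-insecure-requests  - http:// subresource URLs are fetched over https://
# This policy sets no default-src, script-src or object-src, so it does not
# restrict where scripts, plugins, images, stylesheets or fonts are loaded from.
Content-Security-Policy: frame-ancestors 'none'; upgrade-insecure-requests
# X-Frame-Options is the framing control for browsers that do not support
# frame-ancestors. DENY matches frame-ancestors 'none', so both mechanisms
# refuse all framing (clickjacking defence); SAMEORIGIN would still allow
# same-origin framing in those older browsers.
X-Frame-Options: DENY
# Stop browsers from MIME-sniffing a response into a content type other than the
# declared one (e.g. treating a non-script response as a script).
X-Content-Type-Options: nosniff
# X-XSS-Protection configures the legacy reflected-XSS filter of older browsers.
# NOTE(review): current Chrome, Edge and Firefox ship no such filter and ignore
# this header, so it is not a substitute for a script-src policy; consider
# setting it to 0 or dropping it.
X-XSS-Protection: 1; mode=block
# Referrer-Policy: send the full URL on same-origin requests, only the origin on
# cross-origin requests, and nothing when going from HTTPS to HTTP.
Referrer-Policy: strict-origin-when-cross-origin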
# Cache lifetimes for static content, keyed by path pattern.
# Manifest, appcache, HTML, XML and JSON documents: max-age=0 marks a stored copy
# stale immediately, so a cache revalidates with the server before reusing it.
# NOTE(review): `public` lets shared caches store these responses; that assumes
# none of these documents is user-specific - confirm for the .json and .html paths.
/*manifest
Cache-Control: max-age=0, public
/*.appcache
Cache-Control: max-age=0, public
/*.html
Cache-Control: max-age=0, public
/*.xml
Cache-Control: max-age=0, public
/*.json
Cache-Control: max-age=0, public
# Feeds (RSS and Atom): a stored copy is fresh for 3600 seconds (1 hour).
/*.rss
Cache-Control: max-age=3600, public
/*.atom
Cache-Control: max-age=3600, public
# Media (images, icons, cursors, video, audio, HTC) plus .gz and .svgz files:
# a stored copy is fresh for 2592000 seconds (30 days).
/*.jpg
Cache-Control: max-age=2592000, public
/*.jpeg
Cache-Control: max-age=2592000, public
/*.gif
Cache-Control: max-age=2592000, public
/*.png
Cache-Control: max-age=2592000, public
/*.ico
Cache-Control: max-age=2592000, public
/*.cur
Cache-Control: max-age=2592000, public
/*.gz
Cache-Control: max-age=2592000, public
/*.svg
Cache-Control: max-age=2592000, public
/*.mp4
Cache-Control: max-age=2592000, public
/*.ogg
Cache-Control: max-age=2592000, public
/*.ogv
Cache-Control: max-age=2592000, public
/*.webm
Cache-Control: max-age=2592000, public
/*.htc
Cache-Control: max-age=2592000, public
/*.svgz
Cache-Control: max-age=2592000, public
# CSS and JavaScript: a stored copy is fresh for 31536000 seconds (365 days).
# NOTE(review): while the copy is fresh a returning browser reuses it without
# contacting the server, so a corrected or security-patched script reaches that
# browser promptly only if its URL changes (e.g. a content hash in the file
# name) - confirm the build fingerprints these files.
/*.css
Cache-Control: max-age=31536000, public
/*.js
Cache-Control: max-age=31536000, public
# Web fonts: a stored copy is fresh for 2592000 seconds (30 days).
/*.ttf
Cache-Control: max-age=2592000, public
/*.ttc
Cache-Control: max-age=2592000, public
/*.otf
Cache-Control: max-age=2592000, public
/*.eot
Cache-Control: max-age=2592000, public
/*.woff
Cache-Control: max-age=2592000, public
/*.woff2
Cache-Control: max-age=2592000, public