|
|
@@ -40,7 +40,7 @@ ExpiresByType application/x-font-woff2 "access plus 1 year" |
|
|
|
|
|
|
|
Header always set Strict-Transport-Security "max-age=31536000; preload" |
|
|
|
Header always set X-Frame-Options SAMEORIGIN |
|
|
|
Header always set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src * data:; media-src *" |
|
|
|
Header always set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src * data:; media-src *; frame-src 'self' https://player.vimeo.com; script-src 'self' 'unsafe-inline' https://player.vimeo.com" |
|
|
|
Header always set X-Content-Type-Options nosniff |
|
|
|
Header always set X-XSS-Protection "1; mode=block" |
|
|
|
Header always set Referrer-Policy "origin" |