Add basic security HTTP response headers. (#3)

carolinmaisenbacher · Apr 18, 2019 · 7ab02e6 · 7ab02e6
1 parent aec1cce
commit 7ab02e6
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/netlify.toml b/netlify.toml
@@ -15,3 +15,12 @@
   from = "/*"
   to = "/api/404.html"
   status = 404
+
+[[headers]]
+  for = "/*"
+  [headers.values]
+    Strict-Transport-Security = "max-age=31536000; includeSubDomains; preload"
+    X-Frame-Options = "deny"
+    X-Content-Type-Options = "nosniff"
+    X-XSS-Protection = "1; mode=block"
+    Referrer-Policy = "strict-origin-when-cross-origin"