From 7ab02e699c949da9d52142bd7e118ae9a38b69cf Mon Sep 17 00:00:00 2001
From: Koen Rouwhorst
Date: Thu, 18 Apr 2019 17:13:33 +0200
Subject: [PATCH] Add basic security HTTP response headers. (#3)
---
 netlify.toml | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/netlify.toml b/netlify.toml
index 73e95a1..f03e0ae 100644
--- a/netlify.toml
+++ b/netlify.toml
@@ -15,3 +15,12 @@
 from = "/*"
 to = "/api/404.html"
 status = 404
+
+[[headers]]
+ for = "/*"
+ [headers.values]
+ Strict-Transport-Security = "max-age=31536000; includeSubDomains; preload"
+ X-Frame-Options = "deny"
+ X-Content-Type-Options = "nosniff"
+ X-XSS-Protection = "1; mode=block"
+ Referrer-Policy = "strict-origin-when-cross-origin"
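Review bot: The new `[headers.values]` table sets no `Content-Security-Policy`, and the `X-XSS-Protection = "1; mode=block"` line it relies on for XSS defence is a legacy header that current major browsers no longer act on. I would add at least `Content-Security-Policy = "frame-ancestors 'none'"` next to `X-Frame-Options`, and extend it with script and style sources once the site's asset origins are known, since they are not visible in this hunk. On the `Strict-Transport-Security` line, `includeSubDomains; preload` commits every subdomain to HTTPS and is slow to undo once the domain is on a browser preload list. A comment above it such as `# preload: every subdomain must serve HTTPS; removal from preload lists can take months` would record that this was a deliberate choice.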