- 'always set X-Frame-Options "SAMEORIGIN"'
- 'always set X-Content-Type-Options "nosniff"'
- 'always set Strict-Transport-Security: "max-age=15768001"'
+ - 'always set Referrer-Policy "origin"'
- "set Content-Security-Policy \"default-src 'none'; connect-src 'self'; script-src 'self' data: www.google-analytics.com 'sha256-aed8ae7e95bc21fd56a9074f9eedd4db237cf41ebb8ea603d8bf6764f0d23f4c'; style-src 'self' data: https://webfonts.sparkasse.de 'unsafe-inline'; img-src 'self' data: img.vxcdn.com www.google-analytics.com www.verivox.de; font-src 'self' data: https://webfonts.sparkasse.de; child-src 'self'; object-src 'self'; form-action 'self'; report-uri /api/v1/report;\""
aliases:
- '.* /404.html [R=404,L]'
- provider: filesmatch
- path: '\.(ttf|otf|eot|woff)$'
+ path: '\.(ttf|otf|eot|woff|woff2)$'
headers:
- 'always set Access-Control-Allow-Origin "*"'
rewrites:
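Review bot: The added `Referrer-Policy "origin"` line still sends the site's origin as the referrer when a visitor follows a link to a plain-HTTP destination; `strict-origin` withholds it on such downgrades. The context lines already set Strict-Transport-Security, so this vhost is presumably HTTPS-only, and I would change the line to `- 'always set Referrer-Policy "strict-origin"'`. Use `strict-origin-when-cross-origin` instead if same-origin requests should keep the full URL. The second hunk below adds the identical line and should get the same value. The hunk header and the file's indentation are not visible here, so the enclosing vhost entry starts and ends outside the hunk.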
- 'always set X-Frame-Options "SAMEORIGIN"'
- 'always set X-Content-Type-Options "nosniff"'
- 'always set Strict-Transport-Security: "max-age=15768001"'
+ - 'always set Referrer-Policy "origin"'
- "set Content-Security-Policy \"default-src 'none'; connect-src 'self'; script-src 'self' data: www.google-analytics.com 'sha256-aed8ae7e95bc21fd56a9074f9eedd4db237cf41ebb8ea603d8bf6764f0d23f4c'; style-src 'self' data: https://webfonts.sparkasse.de 'unsafe-inline'; img-src 'self' data: img.vxcdn.com www.google-analytics.com www.verivox.de; font-src 'self' data: https://webfonts.sparkasse.de; child-src 'self'; object-src 'self'; form-action 'self'; report-uri /api/v1/report;\""
aliases:
- '.* /404.html [R=404,L]'
- provider: filesmatch
- path: '\.(ttf|otf|eot|woff)$'
+ path: '\.(ttf|otf|eot|woff|woff2)$'
headers:
- 'always set Access-Control-Allow-Origin "*"'
rewrites: