69 lines
2.8 KiB
Plaintext
69 lines
2.8 KiB
Plaintext
# This _headers file is used to set headers on cloudflare pages: https://developers.cloudflare.com/pages/configuration/headers/
|
|
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy (disabled everything except autoplay, local-fonts, screen-wake-lock, speaker-selection)
|
|
# opt out of Federated Learning of Cohorts (aka "FLoC") - https://amifloced.org/
|
|
/*
|
|
X-Frame-Options: DENY
|
|
X-Content-Type-Options: nosniff
|
|
X-XSS-Protection: 1; mode=block
|
|
Referrer-Policy: strict-origin-when-cross-origin
|
|
Strict-Transport-Security: max-age=63072000; includeSubdomains
|
|
Permissions-Policy: interest-cohort=(), accelerometer=(), ambient-light-sensor=(), battery=(), bluetooth=(), browsing-topics=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), identity-credentials-get=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-create=(), publickey-credentials-get=(), serial=(), storage-access=(), sync-xhr=(), usb=(), web-share=(), window-management=(), xr-spatial-tracking=()
|
|
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; object-src 'none'; base-uri 'self'; manifest-src 'self'; worker-src 'self'; form-action 'self'; connect-src 'self' *.hyvor.com ws://*.hyvor.com; script-src 'self' talk.hyvor.com; img-src 'self' data: talk.hyvor.com cdn.cloudflare.com; frame-src 'self' www.youtube-nocookie.com player.vimeo.com streamable.com www.streamable.com; media-src 'self' data: cdn.cloudflare.com www.youtube-nocookie.com player.vimeo.com; font-src 'self' cdn.cloudflare.com cdn.jsdelivr.net fonts.gstatic.com; style-src 'self' talk.hyvor.com cdn.cloudflare.com cdn.jsdelivr.net fonts.googleapis.com;
|
|
|
|
/*.js
|
|
Cache-Control: public, max-age=604800, must-revalidate
|
|
|
|
/*.css
|
|
Cache-Control: public, max-age=604800, must-revalidate
|
|
|
|
/*.svg
|
|
Cache-Control: public, max-age=604800
|
|
|
|
/*.png
|
|
Cache-Control: public, max-age=604800
|
|
|
|
/*.ico
|
|
Cache-Control: public, max-age=604800
|
|
|
|
/*.jpg
|
|
Cache-Control: public, max-age=604800
|
|
|
|
/*.jpeg
|
|
Cache-Control: public, max-age=604800
|
|
|
|
/*.gif
|
|
Cache-Control: public, max-age=604800
|
|
|
|
/*.webp
|
|
Cache-Control: public, max-age=604800
|
|
|
|
/*.avif
|
|
Cache-Control: public, max-age=604800
|
|
|
|
/*.mp4
|
|
Cache-Control: public, max-age=604800
|
|
|
|
/*.webm
|
|
Cache-Control: public, max-age=604800
|
|
|
|
/*.mp3
|
|
Cache-Control: public, max-age=604800
|
|
|
|
/*.ogg
|
|
Cache-Control: public, max-age=604800
|
|
|
|
/*.otf
|
|
Cache-Control: public, max-age=604800
|
|
|
|
/*.eot
|
|
Cache-Control: public, max-age=604800
|
|
|
|
/*.ttf
|
|
Cache-Control: public, max-age=604800
|
|
|
|
/*.woff
|
|
Cache-Control: public, max-age=604800
|
|
|
|
/*.woff2
|
|
Cache-Control: public, max-age=604800
|