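# Baseline security headers, applied to every path.
#
# - Referrer-Policy: same-origin requests get the full URL; cross-origin
#   requests get only the origin, and nothing on an HTTPS -> HTTP downgrade.
# - X-Content-Type-Options: browsers must honour the declared Content-Type
#   instead of sniffing it, so the Content-Type overrides further down matter.
# - X-Frame-Options: only same-origin pages may frame the site (clickjacking
#   defence). The CSP `frame-ancestors` directive is the modern equivalent;
#   this header is kept for older browsers.
# - X-XSS-Protection: set to 0. The legacy XSS auditor has been removed from
#   current browsers, and in old ones "1; mode=block" could itself be abused
#   to create cross-site leaks, so current guidance (OWASP, MDN) is to
#   disable it explicitly and rely on a Content-Security-Policy instead.
#
# NOTE(review): this file sets neither Content-Security-Policy nor
# Strict-Transport-Security. Confirm they are delivered elsewhere, or add them
# once a policy has been tested against the site.
/*
  Referrer-Policy: strict-origin-when-cross-origin
  X-Content-Type-Options: nosniff
  X-Frame-Options: sameorigin
  X-XSS-Protection: 0

# One-year, immutable cache for vendored assets: web fonts, emojis, etc.
# NOTE(review): "immutable" tells browsers never to revalidate, so this is
# only safe if a vendored file's URL changes whenever its content changes
# (versioned or fingerprinted names). Otherwise clients can keep an outdated,
# possibly vulnerable, copy of a library for up to a year.
/vendor/*
  Cache-Control: max-age=31536000, public, immutable

# Proper MIME type for the Atom feed
/*.atom
  Content-Type: application/atom+xml

# Recommended MIME type for PWA manifests
# https://github.com/w3c/manifest/issues/689
/manifest.json
  Content-Type: application/manifest+json
/*.webmanifest
  Content-Type: application/manifest+json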