# Sensible default security headers
# - More info: https://scotthelme.co.uk/hardening-your-http-response-headers/
# - Test website: https://securityheaders.com/
/*
  Referrer-Policy: strict-origin-when-cross-origin
  X-Content-Type-Options: nosniff
  X-Frame-Options: sameorigin

# Super long cache for web fonts (one year)
/fonts/*
  Cache-Control: max-age=31536000, public, immutable, no-transform

# Recommended MIME type for PWA manifests
# https://github.com/w3c/manifest/issues/689
/manifest.json
  Content-Type: application/manifest+json; charset=UTF-8
/*.webmanifest
  Content-Type: application/manifest+json; charset=UTF-8