mirror of
https://github.com/jakejarvis/jarv.is.git
synced 2025-04-27 14:16:20 -04:00
20 lines
578 B
Plaintext
20 lines
578 B
Plaintext
# Sensible default security headers:
|
|
/*
|
|
Referrer-Policy: strict-origin-when-cross-origin
|
|
X-Content-Type-Options: nosniff
|
|
X-Frame-Options: sameorigin
|
|
X-XSS-Protection: 1; mode=block
|
|
|
|
# Long cache (one week) for vendored and fingerprinted assets:
|
|
/css/*
|
|
Cache-Control: public, max-age=604800, immutable
|
|
/js/*
|
|
Cache-Control: public, max-age=604800, immutable
|
|
/vendor/*
|
|
Cache-Control: public, max-age=604800, immutable
|
|
|
|
# Recommended MIME type for PWA manifests:
|
|
# https://github.com/w3c/manifest/issues/689
|
|
/site.webmanifest
|
|
Content-Type: application/manifest+json
|