Add security headers to the website.

The one bit of JS we have for the mobile menu needed some tweaking. Signed-off-by: Matt Moyer <moyerm@vmware.com>
2026-02-14 18:10:17 +00:00 · 2021-02-23 14:26:58 -06:00
parent 60034b39a3
commit a4089fcc72
3 changed files with 13 additions and 2 deletions
--- a/site/netlify.toml
+++ b/site/netlify.toml
@@ -33,3 +33,11 @@ HUGO_ENABLEGITINFO = "true"
  for = "/fonts/*"
  [headers.values]
    Access-Control-Allow-Origin = "*"
+
+[[headers]]
+  for = "/*"
+  [headers.values]
+    Content-Security-Policy = "default-src 'self'; img-src *"
+    X-Content-Type-Options = "nosniff"
+    X-Frame-Options = "DENY"
+    X-XSS-Protection = "1; mode=block"