update headers with CSP

6 years ago · 7c9f99038f
parent a02cab5236
commit 7c9f99038f
1 changed files with 1 additions and 0 deletions
--- a/netlify.toml
+++ b/netlify.toml
@ -8,6 +8,7 @@
    Strict-Transport-Security = "max-age=31536000; includeSubDomains; preload"
    Cache-Control = "public, max-age=31536000"
    Referrer-Policy = "strict-origin-when-cross-origin"
+    Content-Security-Policy = "default-src https:"
    X-Content-Type-Options = "nosniff"
    X-Frame-Options = "DENY"
    X-XSS-Protection = "1; mode=block"