Content-Security-Policy

webees · Nov 15, 2024 · 525e0eb · 525e0eb
1 parent c65dc2c
commit 525e0eb
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/config/Caddyfile b/config/Caddyfile
@@ -15,6 +15,7 @@
 	encode zstd gzip
 
 	header / {
+		Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https://*.xvx.cc; frame-ancestors 'self'"
 		# Enable HTTP Strict Transport Security (HSTS)
 		Strict-Transport-Security "max-age=31536000;"
 		# Enable cross-site filter (XSS) and tell browser to block detected attacks