From 248a4b0e4fda2ae2f4218052d1301673668d435e Mon Sep 17 00:00:00 2001
From: michivonah <info@michivonah.ch>
Date: Sat, 7 Sep 2024 17:43:43 +0200
Subject: [PATCH] add security headers

---
 _headers | 12 ++++++++++++
 1 file changed, 12 insertions(+)
 create mode 100644 _headers

diff --git a/_headers b/_headers
new file mode 100644
index 0000000..4c791e3
--- /dev/null
+++ b/_headers
@@ -0,0 +1,12 @@
+/
+  Content-Security-Policy: default-src 'self' michivonah.ch; script-src 'self' unpkg.com; style-src 'self' unpkg.com michivonah.ch fonts.googleapis.com; img-src 'self' michivonah.ch; font-src 'self' unpkg.com fonts.googleapis.com fonts.gstatic.com; upgrade-insecure-requests
+  Permissions-Policy: accelerometer=(), autoplay=(), display-capture=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
+  Referrer-Policy: origin
+  Strict-Transport-Security: max-age=31536000; includeSubDomains
+  X-Content-Type-Options: nosniff
+  X-Frame-Options: DENY
+  X-XSS-Protection: 1; mode=block
+  Cross-Origin-Embedder-Policy: require-corp
+  Cross-Origin-Opener-Policy: same-origin
+  Cross-Origin-Resource-Policy: same-origin
+  Access-Control-Allow-Origin: *
\ No newline at end of file