security stuff?

master
Jay 2 years ago
parent 83141074a6
commit b25ea11f85

@ -3,7 +3,8 @@
<meta http-equiv="Content-Security-Policy" content="default-src 'none'; script-src 'self'; style-src 'self' https://fonts.googleapis.com; img-src 'self' *.pickmy.org; font-src 'self' https://fonts.gstatic.com; connect-src 'self'; media-src 'self'; object-src 'self'; child-src 'self'; form-action 'none'; base-uri 'self'" />
<meta http-equiv="X-XSS-Protection" content="1;mode=block" always>
<meta http-equiv="Referrer-Policy" content="no-referrer, strict-origin-when-cross-origin">
<meta http-equiv="X-Content-Type-Options" content="nosniff">
<meta http-equiv="X-Frame-Options" content="SAMEORIGIN">
{%- include head.html -%}
<body>

Loading…
Cancel
Save