commit b6cc48a3f50c561172d2371087eb9984dcf3fa81
parent bab59b7eb0e0d893df5a59b308c11b76c53d943e
Author: corndog <cauchyn@firemail.cc>
Date: Mon, 27 Aug 2018 17:11:11 -0700
Add security headers
Content-Security-Policy to only load scripts from my
domain and subdomains.
Referrer Policy to only include referrers on
intra-site linking.
X-Frame-Options to deny my pages loading as a
frame on others.
There are more I can set but I do not find them
necessary at the moment.
Diffstat:
1 file changed, 9 insertions(+), 0 deletions(-)
diff --git a/Caddyfile b/Caddyfile
@@ -11,6 +11,15 @@ grgr.me {
}
browse /sits/releases
ext .html .txt
+ header / {
+ Content-Security-Policy "
+ default-src 'self' *.grgr.me
+ "
+ Referrer-Policy "
+ same-origin
+ "
+ X-Frame-Options "DENY"
+ }
log / .log/access.log "{combined}" {
rotate { }
}
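Review bot: The `Content-Security-Policy` and `Referrer-Policy` values are quoted strings that each span three lines, so the value handed to the server appears to carry embedded line breaks. Depending on how the response is serialized (HTTP/2 stacks in particular may omit header values containing newlines), these headers could be altered or not sent at all, so confirm them on a live response over both HTTP/1.1 and HTTP/2, or write each value on one line the way `X-Frame-Options "DENY"` already is, e.g. `Referrer-Policy "same-origin"`. Separately, `frame-ancestors`, `base-uri` and `form-action` do not fall back to `default-src`, so the policy could read `Content-Security-Policy "default-src 'self' *.grgr.me; frame-ancestors 'none'; base-uri 'self'"` to give CSP-aware browsers the same framing rule as X-Frame-Options. `*.grgr.me` also makes every subdomain a trusted source for scripts and all other resource types, which is only appropriate if all subdomains stay under the same control. The `header /` block sits inside the `grgr.me` site block, which opens and closes outside this hunk.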