Push a temporary HSTS hack because for netlify broken root-level domains

Signed-off-by: Ari Archer <ari.web.xyz@gmail.com>
2025-02-04 17:49:24 +01:00 · 2022-09-25 05:04:58 +03:00 · 2022-09-25 05:04:58 +03:00 · f8e98feabc
commit f8e98feabc
parent 66a9d4b400
1 changed files with 7 additions and 0 deletions
--- a/netlify.toml
+++ b/netlify.toml
@ -192,3 +192,10 @@
        X-Permitted-Cross-Domain-Policies = "none"
        Referrer-Policy = "no-referrer"

+[[headers]]
+    for = "https://ari-web.xyz"
+
+    [headers.values]
+        Strict-Transport-Security = "max-age=63072000; includeSubDomains; preload"
+        Content-Security-Policy = "upgrade-insecure-requests"
+        Referrer-Policy = "no-referrer"