Commit 90257be7 authored by Mark van Lent's avatar Mark van Lent
Browse files

Include Feature-Policy header in Nginx config.

For more information, see
parent 0b20326f
......@@ -20,6 +20,7 @@ server {
add_header X-XSS-Protection "1; mode=block";
add_header Referrer-Policy strict-origin-when-cross-origin;
add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self'; frame-src; child-src; object-src 'none'; upgrade-insecure-requests; reflected-xss block;";
add_header Feature-Policy "accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'";
server_tokens off;
# Location of the content
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment