diff --git a/netlify.toml b/netlify.toml
index cb8d277e98..b3342dfa48 100644
--- a/netlify.toml
+++ b/netlify.toml
@@ -21,9 +21,9 @@
 [headers.values]
 X-Frame-Options = "DENY"
 X-XSS-Protection = "1; mode=block"
- Content-Security-Policy = "default-src 'self'"
- Cache-Control = "public, max-age=0, must-revalidate"
- Strict-Transport-Security = "max-age=31536000"
+ Content-Security-Policy = "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:"
+ Cache-Control = "public, max-age=31536000, must-revalidate"
+ Strict-Transport-Security = "max-age=31536000; includeSubDomains; preload"
 [[headers]]
 for = "*.html"
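Review bot: The new `script-src 'self' 'unsafe-inline'` in the Content-Security-Policy line allows any injected inline script to run, which removes most of the XSS protection the previous `default-src 'self'` gave. If the site needs specific inline scripts, list their hashes instead, e.g. `script-src 'self' 'sha256-<BASE64_HASH_OF_INLINE_SCRIPT>'` (placeholder), and keep `'unsafe-inline'` out of `script-src`. The `for` pattern of this `[[headers]]` entry is outside the hunk; if it is a catch-all, `max-age=31536000` lets browsers reuse HTML for a year, since `must-revalidate` only takes effect once the response is stale, so long caching should be limited to fingerprinted assets. `includeSubDomains; preload` is hard to roll back once the domain is on a browser preload list, so it is worth confirming every subdomain serves HTTPS before this ships.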