Get A+ scores on Mozilla Observatory out of the box. Easily change the default Security Headers to suit your needs.

Security Headers

./layouts/index.headers excerpt:

  X-Content-Type-Options: nosniff
  X-XSS-Protection: 1; mode=block
  Content-Security-Policy: default-src 'none'; manifest-src 'self'; connect-src 'self'; font-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'
  X-Frame-Options: SAMEORIGIN
  Referrer-Policy: strict-origin

See also: Headers.

Content Security Policy

💡 Laboratory is an experimental Firefox extension that helps you generate a Content Security Policy (CSP) header for your website.
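To see what the default policy from the headers excerpt permits before changing it, the sketch below parses those header lines and evaluates individual resource loads against the CSP. It is an added example, not code from the theme: the function names are its own, the origins `https://example.org` and `https://cdn.example` are constructed placeholders, and the matching is simplified as noted in the comments.

```javascript
// Header lines copied from the ./layouts/index.headers excerpt on this page.
const HEADERS = `
  X-Content-Type-Options: nosniff
  X-XSS-Protection: 1; mode=block
  Content-Security-Policy: default-src 'none'; manifest-src 'self'; connect-src 'self'; font-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'
  X-Frame-Options: SAMEORIGIN
  Referrer-Policy: strict-origin
`;

// Parse "Name: value" lines into a map keyed by lowercase header name.
function parseHeaders(text) {
  const headers = {};
  for (const line of text.split("\n")) {
    const i = line.indexOf(":");
    if (i > 0) headers[line.slice(0, i).trim().toLowerCase()] = line.slice(i + 1).trim();
  }
  return headers;
}

// Split a CSP value into { directive: [sources] }; a repeated directive is ignored.
function parseCsp(value) {
  const policy = {};
  for (const part of value.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !(key in policy)) policy[key] = sources;
  }
  return policy;
}

// Would a load of `url` from a page at `pageOrigin` pass `directive`? Simplified: models 'none',
// 'self' and full-origin sources with default-src fallback; no wildcards, schemes, nonces, hashes.
function allows(policy, directive, url, pageOrigin) {
  const sources = policy[directive] ?? policy["default-src"];
  if (sources === undefined) return true; // no directive governs this load
  const target = new URL(url, pageOrigin).origin;
  return sources.some((s) => {
    if (s === "'self'") return target === pageOrigin;
    if (s.startsWith("'")) return false; // 'none' and unmodelled keywords never match
    try { const o = new URL(s).origin; return o !== "null" && o === target; } catch { return false; }
  });
}

// Inline <script>/<style> need 'unsafe-inline' (nonces and hashes are not modelled).
function allowsInline(policy, directive) {
  const sources = policy[directive] ?? policy["default-src"];
  return sources === undefined || sources.includes("'unsafe-inline'");
}

const POLICY = parseCsp(parseHeaders(HEADERS)["content-security-policy"]);
console.log(allows(POLICY, "script-src", "https://cdn.example/lib.js", "https://example.org"));
```

Running the same checks against an edited policy string shows which loads a change opens up before it is deployed.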

Subresource Integrity

Subresource Integrity is applied to styles and scripts and is implemented with Hugo.

