portails/content/docs/core-hyas/security.md

38 lines
1.3 KiB
Markdown
Raw Normal View History

2020-11-04 08:26:58 +01:00
---
title: "Security"
description: "Get A+ scores on Mozilla Observatory out of the box. Easily change the default Security Headers to suit your needs."
lead: "Get A+ scores on <a href=\"https://observatory.mozilla.org/analyze/hyas.netlify.app\">Mozilla Observatory</a> out of the box. Easily change the default Security Headers to suit your needs."
date: 2020-09-17T13:48:09+02:00
lastmod: 2020-09-17T13:48:09+02:00
draft: false
images: []
menu:
docs:
parent: "core-hyas"
weight: 210
toc: true
---
## Security Headers
`./layouts/index.headers` excerpt:
```bash
/*
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: default-src 'none'; manifest-src 'self'; connect-src 'self'; font-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'
X-Frame-Options: SAMEORIGIN
Referrer-Policy: strict-origin
```
See also: [Headers]({{< ref "netlify#headers" >}}).
### Content Security Policy
💡 [Laboratory](https://addons.mozilla.org/nl/firefox/addon/laboratory-by-mozilla/) is an experimental Firefox extension that helps you generate a Content Security Policy (CSP) header for your website.
## Subresource Integrity
[Subresource Integrity](https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity) is implemented with [Hugo](https://gohugo.io/hugo-pipes/fingerprint/) on styles and scripts.