- 'set X-Frame-Options: sameorigin'
- 'set X-XSS-Protection: "1; mode=block"'
- 'set X-Content-Type-Options: nosniff'
- - "set Content-Security-Policy: \"default-src 'self'; font-src 'self' fonts.gstatic.com; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' api.spendino.de storify.com; frame-src w.soundcloud.com player.vimeo.com www.youtube.com api.spendino.de storify.com; frame-ancestors 'self'\""
- - "set X-Content-Security-Policy: \"default-src 'self'; font-src 'self' fonts.gstatic.com; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' api.spendino.de storify.com; frame-src w.soundcloud.com player.vimeo.com www.youtube.com api.spendino.de storify.com; frame-ancestors 'self'\""
+ - "set Content-Security-Policy: \"default-src 'self'; img-src 'self' analytics.spd.de; font-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' api.spendino.de storify.com analytics.spd.de; frame-src 'self' analytics.spd.de w.soundcloud.com player.vimeo.com www.youtube.com www.youtube-nocookie.com api.spendino.de storify.com streaming.b1group.de; frame-ancestors 'self'\""
+ - "set X-Content-Security-Policy: \"default-src 'self'; img-src 'self' analytics.spd.de; font-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' api.spendino.de storify.com analytics.spd.de; frame-src 'self' analytics.spd.de w.soundcloud.com player.vimeo.com www.youtube.com www.youtube-nocookie.com api.spendino.de storify.com streaming.b1group.de; frame-ancestors 'self'\""
headers_ssl:
- 'always set Strict-Transport-Security "max-age=31556926"'
directories:
projects / pixelpark / hiera.git / commitdiff