- 'set X-Content-Type-Options: nosniff'
- 'set X-XSS-Protection: "1; mode=block"'
- 'set X-Frame-Options: "ALLOW-FROM https://dev-cms01-ngcc-daimler.pixelpark.net"'
- - "set Content-Security-Policy: \"default-src 'self'; font-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://*.youtube.com; frame-ancestors 'self'; media-src 'self' data:; child-src https://*.youtube.com\""
- - "set X-Content-Security-Policy: \"default-src 'self'; font-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://*.youtube.com; frame-ancestors 'self'; media-src 'self' data:; child-src https://*.youtube.com\""
+ - "set Content-Security-Policy: \"default-src 'self'; font-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://*.youtube.com https://s.ytimg.com https://connect.facebook.net; frame-ancestors 'self'; media-src 'self' data:; img-src 'self' https://*.facebook.com; child-src https://*.youtube.com https://*.facebook.com\""
+ - "set X-Content-Security-Policy: \"default-src 'self'; font-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://*.youtube.com https://s.ytimg.com https://connect.facebook.net; frame-ancestors 'self'; media-src 'self' data:; img-src 'self' https://*.facebook.com; child-src https://*.youtube.com https://*.facebook.com\""
headers_ssl:
- 'always set Strict-Transport-Security "max-age=31556926"'
custom_fragment: |
projects / pixelpark / hiera.git / commitdiff