From 124e6c3f09194b85359f4fd73e492d5b314bb6d1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fe=CC=81lix=20Pe=CC=81ault?= <hello@flayks.com>
Date: Mon, 12 Jun 2023 15:38:28 +0200
Subject: [PATCH] feat: add security headers for Cloudflare

---
 apps/website/static/_headers | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 apps/website/static/_headers

diff --git a/apps/website/static/_headers b/apps/website/static/_headers
new file mode 100644
index 0000000..26db01e
--- /dev/null
+++ b/apps/website/static/_headers
@@ -0,0 +1,11 @@
+/*
+  X-Content-Type-Options: nosniff
+  X-Frame-Options: SAMEORIGIN
+  X-XSS-Protection: 1; mode=block
+  Referrer-Policy: no-referrer-when-downgrade
+  Permissions-Policy: document-domain=()
+  Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
+  Feature-Policy: geolocation 'self'
+
+/:all*(woff2?|jpe?g|png|gif|svg|js|xml|txt|json|css|mp4|webm|avif)
+  Cache-Control: public, max-age=31536000, immutable