From ef5c24cae5b74d1e04e7f7f1eeaa496954935d99 Mon Sep 17 00:00:00 2001
From: Aevann1
Date: Wed, 30 Nov 2022 12:03:14 +0200
Subject: [PATCH] make sure resources have all headers too
---
 nginx-serve-static.conf | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/nginx-serve-static.conf b/nginx-serve-static.conf
index 545534ad6..f211e54d7 100644
--- a/nginx-serve-static.conf
+++ b/nginx-serve-static.conf
@@ -1,6 +1,11 @@
 root /;
 try_files $uri =404;
 add_header 'Cache-Control' "public, max-age=3153600";
+add_header Referrer-Policy "same-origin";
+add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
+add_header X-Frame-Options "deny";
+add_header X-Content-Type-Options "nosniff";
+add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' challenges.cloudflare.com; connect-src 'self' tls-use1.fpapi.io api.fpjs.io 00bb6d59-7b11-4339-b1ae-b1f1259d1316.pushnotifications.pusher.com; object-src 'none';";
 sendfile on;
 sendfile_max_chunk 1m;
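Review bot: The five added `add_header` lines omit the `always` parameter, so nginx attaches them only to its fixed set of success and redirect status codes, and the `=404` produced by `try_files $uri =404;` just above still goes out without HSTS, `nosniff`, or the framing and CSP headers. Appending `always` closes that gap, e.g. `add_header X-Content-Type-Options "nosniff" always;` and likewise for the other four. The values look like copies of a policy defined elsewhere (the commit title suggests so), so keeping them in one shared `include` file would stop the two copies from drifting apart. Separately, `'unsafe-inline'` in `script-src` leaves the CSP with little protection against injected script; if this file only serves static assets, a stricter policy without it may be enough here.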