Diffstat (limited to 'hosts/vps/website.nix')
-rw-r--r--hosts/vps/website.nix26
1 files changed, 26 insertions, 0 deletions
diff --git a/hosts/vps/website.nix b/hosts/vps/website.nix
index fd7f71c..5d767c5 100644
--- a/hosts/vps/website.nix
+++ b/hosts/vps/website.nix
@@ -1,8 +1,34 @@
 {
   pkgs,
   config,
+  lib,
   ...
 }: {
+  options.website.defaultHeaders = lib.mkOption {
+    type = lib.types.str;
+    default = ''
+      header {
+        -Server
+        # disable indexing by search engines
+
+        X-Robots-Tag "noindex, nofollow"
+        # disable FLoC tracking
+        Permissions-Policy interest-cohort=()
+
+        # enable HSTS
+        Strict-Transport-Security max-age=31536000;
+
+        # disable clients from sniffing the media type
+        X-Content-Type-Options nosniff
+
+        # clickjacking protection
+        X-Frame-Options DENY
+
+        # keep referrer data off of HTTP connections
+        Referrer-Policy no-referrer-when-downgrade
+      }
+    '';
+  };
   config = {
     services.caddy = {
       enable = true;
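Review bot: `Referrer-Policy no-referrer-when-downgrade` in the new default still sends the full URL, path and query string included, to every other HTTPS origin; it only withholds the referrer on an HTTPS-to-HTTP downgrade. If the aim is to limit referrer leakage, `Referrer-Policy strict-origin-when-cross-origin` (or `no-referrer`) is the tighter default. The HSTS value has no `includeSubDomains`, so it protects only the exact host that serves it; whether subdomains should be covered cannot be told from this hunk. On style, the blank line after `# disable indexing by search engines` separates that comment from `X-Robots-Tag` and leaves `-Server` without one, so I would move the blank line above the comment and add `# hide the server software banner` over `-Server`. The option is only declared here and the `config` block continues past the hunk, so it is worth confirming that every virtual host actually interpolates `config.website.defaultHeaders`.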