|
|
|
@ -5,7 +5,7 @@ SecureHeaders::Configuration.default do |config| |
|
|
|
|
} |
|
|
|
|
# Add "; preload" and submit the site to hstspreload.org for best protection. |
|
|
|
|
config.hsts = "max-age=#{20.years.to_i}; includeSubdomains" |
|
|
|
|
config.x_frame_options = "DENY" |
|
|
|
|
config.x_frame_options = "SAMEORIGIN" |
|
|
|
|
config.x_content_type_options = "nosniff" |
|
|
|
|
config.x_xss_protection = "1; mode=block" |
|
|
|
|
config.x_permitted_cross_domain_policies = "none" |
|
|
|
|