add security headers

This commit is contained in:
cupcakearmy 2019-08-19 13:16:55 +02:00
parent 5a16a0c40e
commit 7d61dedc92

View File

@ -6,6 +6,17 @@ add_theme_support( 'align-wide' );
add_theme_support( 'title-tag' );
add_theme_support( 'post-thumbnails' );
add_filter( 'wp_headers', function ( $headers ) {
$headers['Content-Security-Policy'] = "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; report-uri csp@nicco.io";
$headers['X-Content-Type-Options'] = 'nosniff';
$headers['X-Frame-Options'] = "deny";
$headers['Strict-Transport-Security'] = "max-age=31536000";
$headers['Referrer-Policy'] = "origin";
return $headers;
} );
add_action( 'wp_enqueue_scripts', function () {
// JS
wp_enqueue_script( 'liquet-lights', get_template_directory_uri() . '/js/lights.js' );