Diffstat (limited to 'thallium-backend/src')
| -rw-r--r-- | thallium-backend/src/app.py | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/thallium-backend/src/app.py b/thallium-backend/src/app.py
index 3e5847c..bd6d080 100644
--- a/thallium-backend/src/app.py
+++ b/thallium-backend/src/app.py
@@ -41,4 +41,9 @@ async def add_process_time_and_security_headers(
     response.headers["X-XSS-Protection"] = "1; mode=block"
     response.headers["Strict-Transport-Security"] = "max-age=31536000"
     response.headers["X-Content-Type-Options"] = "nosniff"
+    response.headers["Content-Security-Policy"] = "default-src 'self'"
+    response.headers["Referrer-Policy"] = "no-referrer"
+    response.headers["Permissions-Policy"] = (
+        "camera=(), display-capture(), fullscreen(), geolocation=(), microphone(), screen-wake-lock(), web-share()"
+    )
     return response
|
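Review bot: The Permissions-Policy value added in this hunk is malformed: five of the seven directives (`display-capture()`, `fullscreen()`, `microphone()`, `screen-wake-lock()`, `web-share()`) are missing the `=` between the feature name and its empty allowlist, and since the header is parsed as a structured-field dictionary a syntax error makes browsers discard the whole header, so none of the restrictions — including the correctly written `camera=()` and `geolocation=()` — take effect. The string should read `"camera=(), display-capture=(), fullscreen=(), geolocation=(), microphone=(), screen-wake-lock=(), web-share=()"`. Separately, `default-src 'self'` does not govern framing (`frame-ancestors` is not covered by `default-src`), so if no `X-Frame-Options` header is set earlier in this function the response remains embeddable; adding `; frame-ancestors 'none'` to the CSP would close that, assuming the backend never needs to be framed. The body of `add_process_time_and_security_headers` starts outside the hunk, so the earlier headers cannot be confirmed from here.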