From 9addeb0d71b5551ede876564bff4f3ba3b696ec0 Mon Sep 17 00:00:00 2001
From: Harsh Shandilya <msfjarvis@gmail.com>
Date: Fri, 23 Aug 2019 00:28:03 +0530
Subject: [PATCH] Caddyfile: Set some headers for improved security

Signed-off-by: Harsh Shandilya <msfjarvis@gmail.com>
---
 Caddyfile | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/Caddyfile b/Caddyfile
index 133be91..969660b 100644
--- a/Caddyfile
+++ b/Caddyfile
@@ -3,6 +3,15 @@
     tls {
         dns cloudflare
     }
+    header / {
+        # Security related changes stolen from https://github.com/searx/searx-docker/blob/master/Caddyfile
+        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+        X-XSS-Protection "1; mode=block"
+        X-Content-Type-Options "nosniff"
+        X-Frame-Options "SAMEORIGIN"
+        Feature-Policy "accelerometer 'none';ambient-light-sensor 'none'; autoplay 'none';camera 'none';encrypted-media 'none';focus-without-user-activation 'none'; geolocation 'none';gyroscope 'none';magnetometer 'none';microphone 'none';midi 'none';payment 'none';picture-in-picture 'none'; speaker 'none';sync-xhr 'none';usb 'none';vr 'none'"
+        Referrer-Policy "no-referrer"
+    }
 }
 
 (proxy_config) {