customHttp.yml

customHeaders:
  - pattern: '**'
    headers:
      - key: 'Referrer-Policy'
        value: 'strict-origin-when-cross-origin'
      - key: 'Strict-Transport-Security'
        value: 'max-age=300'
      - key: 'Permissions-Policy'
        value: 'geolocation=(), microphone=(), camera=()'
      - key: 'X-Frame-Options'
        value: 'SAMEORIGIN'
      - key: 'X-XSS-Protection'
        value: '1; mode=block'
      - key: 'X-Content-Type-Options'
        value: 'nosniff'
      # - key: 'Content-Security-Policy'
      #   value: "default-src 'self'; style-src 'self' 'unsafe-inline' 'https://unpkg.com/react-leaflet-markercluster/dist/styles.min.css' 'sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC' 'sha512-xodZBNTC5n17Xt2atTPuE1HxjVMSvLVW9ocqUKLsCC5CXdbqCmblAshOMAS6/keqq/sMZMZ19scR4PsZChSR7A==' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://kit.fontawesome.com 'sha512-XQoYMqMTK8LvdxXYG3nZ448hOEQiglfqkJs1NOQV44cWnUrBc8PkAOcXy20w0vlaXaVUearIOBhiXZ5V3ynxwA==' 'sha384-MrcW6ZMFYlzcLA8Nl+NtUVF0sA7MsXsP1UyJoMp4YLEuNSfAP+JcXn/tWtIaxVXM' "