From e1aab6ecfbb7533a8c49b5dcb51bc51623c1feee Mon Sep 17 00:00:00 2001
From: Edwin Lyon <53972157+practical-engelbart@users.noreply.github.com>
Date: Sat, 31 Oct 2020 21:30:14 -0700
Subject: [PATCH] Update headers.conf

---
 nginx/snippets/headers.conf | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/nginx/snippets/headers.conf b/nginx/snippets/headers.conf
index c600bf6..d48f7ce 100644
--- a/nginx/snippets/headers.conf
+++ b/nginx/snippets/headers.conf
@@ -1,6 +1,6 @@
+add_header Cache-Control "no-transform";
 add_header X-XSS-Protection "1; mode=block";
-add_header Referrer-Policy "no-referrer"; 
-add_header X-Content-Type-Options nosniff;
-add_header X-Frame-Options "DENY";
-add_header Content-Security-Policy "upgrade-insecure-requests; default-src 'none' *.example.com; script-src 'none'; style-src 'self' https: 'unsafe-inline'; img-src *; object-src 'none';frame-ancestors 'self' *.example.com";
-add_header Feature-Policy "accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; camera 'none'; encrypted-media 'none'; fullscreen 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; sync-xhr 'self' https://haveibeenpwned.com https://twofactorauth.org; usb 'none'; vr 'none'";
+add_header Referrer-Policy "no-referrer";
+add_header X-UA-Compatible "IE=Edge";
+add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' https://*.example.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapi.com https://cdnjs.cloudflare.com https://*.example.com; img-src * data: https:; font-src 'self' data: https: https://*.example.com https://cdnjs.cloudflare.com https://fonts.gstatic.com; object-src 'none'; frame-src *; frame-ancestors 'self'; upgrade-insecure-requests;";
+add_header Feature-Policy "accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; camera 'none'; encrypted-media 'self'; fullscreen 'self'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; sync-xhr 'self' https://haveibeenpwned.com https://twofactorauth.org; usb 'none'; vr 'none'";