...
Bloco de código | ||
---|---|---|
| ||
<httpProtocol> <customHeaders> <add name="X-Content-Type-Options" value="nosniff" /> <add name="X-Xss-Protection" value="1; mode=block" /> <add name="X-Frame-Options" value="SAMEORIGIN" /> <add name="Cache-Control" value="no-store" /> <add name="Strict-Transport-Security" value="max-age=31536000; includeSubDomains; preload" /> <add name="Cross-Origin-Embedder-Policy" value="require-corp" /> <add name="Cross-Origin-Resource-Policy" value="same-origin" /> <add name="Cross-Origin-Opener-Policy" value="same-origin" /> <add name="Permissions-Policy" value="camera=(self), microphone=(self), geolocation=(self), fullscreen=(self)" /> <add name="Referrer-Policy" value="no-referrer-when-downgrade" /> <add name="Content-Security-Policy" value= " default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://code.jquery.com; style-src style-src 'self' 'unsafe-inline' https://stackpath.bootstrapcdn.com https://www.googletagmanager.com; img-src 'self' data: https://api.tiles.mapbox.com https://c.tile.openstreetmap.org https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://api.qrserver.com https://chart.googleapis.com; connect-src *"/> 'self' data: https://api.tiles.mapbox.com https://api.qrserver.com https://chart.googleapis.com https://nominatim.openstreetmap.org; frame-ancestors 'self'; object-src 'none'; base-uri 'self'; "/> </customHeaders> </httpProtocol> |
...