From 8d82be95185b1e82c4cdb4fa0f964455fcc5ce59 Mon Sep 17 00:00:00 2001
From: AtomHare <leo.lelievre@yahoo.fr>
Date: Sat, 18 Sep 2021 19:17:25 +0200
Subject: [PATCH] update headers

---
 template/Caddyfile | 44 ++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 42 insertions(+), 2 deletions(-)

diff --git a/template/Caddyfile b/template/Caddyfile
index 0aabe7c..5b85577 100644
--- a/template/Caddyfile
+++ b/template/Caddyfile
@@ -8,10 +8,36 @@
 
 FRONTEND_HOSTNAME {
   reverse_proxy pipedfrontend:80
+  header {
+  # disable FLoC tracking
+  Permissions-Policy interest-cohort=()
+
+  # enable HSTS
+  Strict-Transport-Security max-age=31536000;
+
+  # keep referrer data off
+  Referrer-Policy no-referrer
+
+  # prevent for appearing in search engine for private instances (option)
+  #X-Robots-Tag noindex
+  }
 }
 
 BACKEND_HOSTNAME {
   reverse_proxy varnish:80
+  header {
+  # disable FLoC tracking
+  Permissions-Policy interest-cohort=()
+
+  # enable HSTS
+  Strict-Transport-Security max-age=31536000;
+
+  # keep referrer data off
+  Referrer-Policy no-referrer
+
+  # prevent for appearing in search engine for private instances (option)
+  #X-Robots-Tag noindex
+  }
 }
 
 PROXY_HOSTNAME {
@@ -22,8 +48,22 @@ PROXY_HOSTNAME {
     method OPTIONS
   }
 
-  header Access-Control-Allow-Origin *
-  header Access-Control-Allow-Headers *
+  header {
+  Access-Control-Allow-Origin *
+  Access-Control-Allow-Headers *
+  
+  # disable FLoC tracking
+  Permissions-Policy interest-cohort=()
+
+  # enable HSTS
+  Strict-Transport-Security max-age=31536000;
+
+  # keep referrer data off
+  Referrer-Policy no-referrer
+
+  # prevent for appearing in search engine for private instances (option)
+  #X-Robots-Tag noindex
+  }
 
   route {