# Adds custom security headers for development environment only
[[headers]]
for = '/**'
[headers.values]
  # Content-Security-Policy = 'script-src localhost:1313'
  Referrer-Policy = 'strict-origin-when-cross-origin'
  X-Content-Type-Options = 'nosniff'
  X-Frame-Options = 'DENY'
  X-XSS-Protection = '1; mode=block'