- dnsPrefetchControl: {
- allow: true
- },
- contentSecurityPolicy: {
- directives: {
- defaultSrc: ['*', 'data:', 'wss:', 'https:'],
- fontSrc: ["'self'", 'data:'],
- frameSrc: ["'none'"],
- mediaSrc: ['*', 'https:'],
- objectSrc: ["'none'"],
- scriptSrc: ["'self'", "'unsafe-inline'", "'unsafe-eval'"],
- styleSrc: ["'self'", "'unsafe-inline'"],
- upgradeInsecureRequests: true
- },
- browserSniff: false // assumes a modern browser, but allows CDN in front
- },
- referrerPolicy: {
- policy: 'strict-origin-when-cross-origin'
- }