<IfModule mod_headers.c> | |
Header unset Content-Security-Policy | |
Header always set Content-Security-Policy "default-src 'self'; \ | |
script-src 'self' 'unsafe-eval' 'unsafe-inline' giscus.app analytics.umami.is www.youtube.com www.googletagmanager.com www.google-analytics.com; \ | |
style-src 'self' 'unsafe-inline'; \ | |
img-src * blob: data:; \ | |
media-src *.s3.amazonaws.com; \ | |
connect-src *; \ | |
font-src 'self'; \ | |
frame-src www.youtube.com youtube.com giscus.app youtu.be;" | |
</IfModule> |