From 806e799945b8eb9758b879531dc79b36911de4cd Mon Sep 17 00:00:00 2001
From: Noel Quiles <3746694+EnMod@users.noreply.github.com>
Date: Tue, 25 Feb 2020 19:11:47 -0500
Subject: [PATCH] [Website] Set security-focused page headers

- Sets X-Frame-Options to SAMEORIGIN
- Sets Strict-Transport-Security to: max-age=31536000; includeSubDomains; preload
---
 website/config.rb | 1 +
 website/source/netlify-headers | 3 +++
 2 files changed, 4 insertions(+)
 create mode 100644 website/source/netlify-headers

diff --git a/website/config.rb b/website/config.rb
index de2b97c4e..bc72d0391 100644
--- a/website/config.rb
+++ b/website/config.rb
@@ -112,3 +112,4 @@ end
 # Netlify redirects/headers
 proxy '_redirects', 'netlify-redirects', ignore: true
+proxy '_headers', 'netlify-headers', ignore: true
diff --git a/website/source/netlify-headers b/website/source/netlify-headers
new file mode 100644
index 000000000..24228d0c7
--- /dev/null
+++ b/website/source/netlify-headers
@@ -0,0 +1,3 @@
+/*
+ Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
+ X-Frame-Options: SAMEORIGIN
\ No newline at end of file
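Review bot: The `Strict-Transport-Security` line in the new `website/source/netlify-headers` commits to `includeSubDomains; preload` with a one-year `max-age` in a single step, and nothing in this commit shows that every subdomain of the site's domain already serves HTTPS. If the domain is later submitted to browser preload lists, removal is slow, so any HTTP-only subdomain would become unreachable in those browsers. Confirming the subdomain inventory first, or starting with a shorter `max-age` and no `preload`, would lower that risk. `X-Frame-Options: SAMEORIGIN` could be paired with `Content-Security-Policy: frame-ancestors 'self'`, which current browsers give precedence, and `X-Content-Type-Options: nosniff` would fit in the same `/*` block. The file also ends without a trailing newline.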