# Cloudflare Pages — response headers
# Spec reference: https://specification.website/spec/security/
#
# Strong defaults across the whole site. Tighten per-path as needed.
#
# CSP script-src hashes:
# sha256-YMhX… — dark-mode init inline script
# sha256-UU9x… — speculationrules block in BaseLayout.astro (keep
# 'inline-speculation-rules' too; the hash is the fallback for
# contexts where Chrome ignores that keyword). Recompute the hash
# if those rules change.
# A hash matches only the exact bytes of its inline script, so a stale
# hash makes the browser block that script. The same applies to the
# dark-mode init script: recompute its hash whenever it is edited.
#
# Site-wide rule: /* matches every path, so these headers accompany
# every response. Cloudflare Pages applies all matching rules, so the
# per-path rules further down add their headers on top of these.
/*
# HSTS for two years (63072000 s). includeSubDomains extends it to every
# subdomain, including the mcp.specification.website host named in the
# Link header below, so each of them has to serve HTTPS. preload opts in
# to browsers' built-in HSTS lists, which is slow to undo.
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
# Browsers must use the declared Content-Type instead of sniffing; this
# is why the per-path rules below set explicit types.
X-Content-Type-Options: nosniff
# Cross-origin navigations receive only the origin, never path or query.
Referrer-Policy: strict-origin-when-cross-origin
# An empty allowlist "()" disables the feature for this site and for
# anything it frames.
# NOTE(review): interest-cohort belonged to the discontinued FLoC
# proposal; current browsers may only log it as an unrecognized
# feature. Confirm it is still wanted.
Permissions-Policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=()
# CSP: scripts are limited to same-origin files, https://plausible.io
# and the two hashed inline scripts described above. 'wasm-unsafe-eval'
# permits WebAssembly compilation without enabling JavaScript eval().
# frame-ancestors 'none', object-src 'none', base-uri 'self' and
# form-action 'self' restrict framing, plugins, <base> and form targets.
# NOTE(review): style-src 'unsafe-inline' permits any inline style and
# worker-src allows blob: workers; both are looser than the rest of the
# policy. Confirm each is still required.
Content-Security-Policy: default-src 'self'; script-src 'self' 'wasm-unsafe-eval' 'inline-speculation-rules' 'sha256-YMhXyHqVQOVFY4y6j7AQOb5vzz62w9OPyJL++m3zbPY=' 'sha256-UU9xsfeOKmx3D7Lk33alkWn1rIjk46pD684u4pupy4o=' https://plausible.io; worker-src 'self' blob:; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; connect-src 'self' https://plausible.io; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; object-src 'none'; upgrade-insecure-requests
# COOP same-origin separates this site's windows from cross-origin
# openers and popups.
Cross-Origin-Opener-Policy: same-origin
# CORP same-site stops other sites from loading these responses with
# no-cors requests (<img>, <script>, ...). CORS-mode fetches are
# governed by Access-Control-Allow-Origin instead, which the public
# discovery paths below set.
Cross-Origin-Resource-Policy: same-site
# Legacy counterpart of frame-ancestors 'none' for browsers that do not
# honour that CSP directive.
X-Frame-Options: DENY
# Declares that the listed tracking parameters, and the order of
# parameters, do not change the response, so URLs that differ only in
# those can share one cache entry.
No-Vary-Search: params=("utm_source" "utm_medium" "utm_campaign" "utm_content" "utm_term" "gclid" "fbclid" "msclkid" "mc_cid" "mc_eid" "ref"), key-order
# Discovery links for agents, feeds, the sitemap and security.txt.
# NOTE(review): /llms.txt and /llms-full.txt are advertised here as
# text/markdown, but their own rules in this file send
# Content-Type: text/plain. Make the hint and the served type agree.
Link: </llms.txt>; rel="describedby"; type="text/markdown"; title="Site index for LLMs", </llms-full.txt>; rel="alternate"; type="text/markdown"; title="Full content as Markdown", </.well-known/api-catalog>; rel="api-catalog"; type="application/linkset+json", </.well-known/mcp/server-card.json>; rel="mcp"; type="application/json"; title="MCP server card", <https://mcp.specification.website/mcp>; rel="related"; title="MCP endpoint", </.well-known/agent-card.json>; rel="service-desc"; type="application/json"; title="A2A agent card", <https://mcp.specification.website/a2a/v1>; rel="related"; title="A2A endpoint", </.well-known/agent-skills/index.json>; rel="agent-skills"; type="application/json"; title="Agent Skills discovery index", </sitemap-index.xml>; rel="sitemap"; type="application/xml", </rss.xml>; rel="alternate"; type="application/rss+xml", </.well-known/security.txt>; rel="security"; type="text/plain"
# Long cache for fingerprinted assets
# One year plus immutable: browsers will not revalidate within that
# time, so this is only safe when a changed file gets a new URL.
/_astro/*
Cache-Control: public, max-age=31536000, immutable
# NOTE(review): nothing in this file shows that /fonts/ URLs are
# fingerprinted; confirm font files are renamed whenever they change.
/fonts/*
Cache-Control: public, max-age=31536000, immutable
# Well-known files served with the right type
# The site-wide rule sends X-Content-Type-Options: nosniff, so browsers
# use the declared type as-is; each text file gets an explicit one.
/.well-known/security.txt
Content-Type: text/plain; charset=utf-8
# One-hour cache: clients may keep serving an old copy for up to an
# hour after the file changes.
Cache-Control: public, max-age=3600
# NOTE(review): the site-wide Link header advertises /llms.txt and
# /llms-full.txt with type="text/markdown", while both are served here
# as text/plain. Make the hint and the served type agree.
/llms.txt
Content-Type: text/plain; charset=utf-8
/llms-full.txt
Content-Type: text/plain; charset=utf-8
/robots.txt
Content-Type: text/plain; charset=utf-8
/humans.txt
Content-Type: text/plain; charset=utf-8
# Per-page Markdown source served from /spec/<category>/<slug>.md
# NOTE(review): no Access-Control-Allow-Origin here, unlike the .jsonld
# rule below, so cross-origin scripts cannot read the Markdown.
# Confirm that difference is intended.
/spec/*.md
Content-Type: text/markdown; charset=utf-8
Cache-Control: public, max-age=3600
# Per-page JSON-LD graph served from /spec/<category>/<slug>.jsonld
/spec/*.jsonld
Content-Type: application/ld+json; charset=utf-8
Cache-Control: public, max-age=3600
# Wildcard CORS: any origin may read this response from script. The
# wildcard does not allow credentialed requests, so it is suitable only
# for public content that is the same for every visitor.
Access-Control-Allow-Origin: *
# Schemamap index — JSON-LD discovery for the whole site
/schemamap.xml
Content-Type: application/xml; charset=utf-8
Cache-Control: public, max-age=3600
# Same wildcard CORS as the JSON-LD files: public, uncredentialed reads.
Access-Control-Allow-Origin: *
# XML sitemaps — index + per-category + general pages
# No CORS header: these are fetched directly rather than read by
# cross-origin scripts (presumably by crawlers; confirm).
/sitemap-*.xml
Content-Type: application/xml; charset=utf-8
Cache-Control: public, max-age=3600
# Sitemap XSL stylesheet — styles the XML when viewed in a browser
/sitemap.xsl
Content-Type: application/xslt+xml; charset=utf-8
Cache-Control: public, max-age=3600
# Discovery documents for APIs and agents. The rules that carry
# Access-Control-Allow-Origin: * are readable by scripts on any origin,
# so those files must hold only public, non-personalised data. The
# wildcard does not allow credentialed requests.
#
# RFC 9727 — Publishing Organisation API Information
# NOTE(review): this is the only discovery rule in this group without
# Access-Control-Allow-Origin; confirm that cross-origin script access
# to the catalog is meant to stay blocked.
/.well-known/api-catalog
Content-Type: application/linkset+json; charset=utf-8
Cache-Control: public, max-age=3600
# MCP server card discovery
/.well-known/mcp/server-card.json
Content-Type: application/json; charset=utf-8
Cache-Control: public, max-age=3600
Access-Control-Allow-Origin: *
# A2A agent card discovery (a2a-protocol.org)
/.well-known/agent-card.json
Content-Type: application/json; charset=utf-8
Cache-Control: public, max-age=3600
Access-Control-Allow-Origin: *
# Agent Skills Discovery (RFC v0.2.0)
/.well-known/agent-skills/index.json
Content-Type: application/json; charset=utf-8
Cache-Control: public, max-age=3600
Access-Control-Allow-Origin: *
# One splat matches the skill directory name; every SKILL.md under
# /.well-known/agent-skills/ gets these headers.
/.well-known/agent-skills/*/SKILL.md
Content-Type: text/markdown; charset=utf-8
Cache-Control: public, max-age=3600
Access-Control-Allow-Origin: *