netlify.toml

[build.environment]
  NODE_VERSION = "16"
  NPM_FLAGS = "--version" # prevent Netlify npm install

[build]
  command = "npx pnpm i --store=node_modules/.pnpm-store && npx pnpm run build"
  publish = "dist"

[[headers]]
  for = "/*"
  [headers.values]
    X-Robots-Tag = "noindex, nofollow"
    cache-control = "public,max-age=300"
    X-Frame-Options = "SAMEORIGIN"
    X-XSS-Protection = "1; mode=block"
    X-Content-Type-Options = "nosniff"
    # https://report-uri.com/home/generate
    Content-Security-Policy = "default-src 'self' 'unsafe-inline'; prefetch-src 'self'; connect-src 'self'; img-src 'self' 'unsafe-inline' data:; media-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; frame-src 'none'; form-action 'none'; object-src 'none'; require-trusted-types-for 'script';"
    #Content-Security-Policy = "default-src 'self' 'unsafe-inline' *.googletagmanager.com *.google-analytics.com *.cloudfront.net; prefetch-src 'self'; connect-src 'self' google-analytics.com *.google-analytics.com; img-src 'self' 'unsafe-inline' *.google-analytics.com; media-src 'self' *.youtube.com; style-src 'self' 'unsafe-inline' googleapis.com *.googleapis.com cloudfront.net *.cloudfront.net; script-src 'self' 'unsafe-inline' *.google-analytics.com  *.googletagmanager.com *.cloudfront.net; frame-src 'self' https://www.youtube.com/ https://vimeo.com; form-action 'self' https:; object-src 'none'; require-trusted-types-for 'script';"
    Referrer-Policy = "strict-origin-when-cross-origin"
    Strict-Transport-Security = "max-age=31536000; includeSubDomains; preload"
    Accept-CH = "Downlink,RTT,Device-Memory,Save-Data,DPR,Width"
    # Permissions-Policy = "vibrate 'none'; geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'none'; payment 'none'"
    Permissions-Policy = "interest-cohort=(), autoplay=(), camera=(), geolocation=(), microphone=(), midi=(), usb=()"

# https://codewithhugo.com/enable-cdn-netlify/
[[headers]]
  for = "*.css"
  [headers.values]
    Cache-Control = "public, max-age=604800, must-revalidate"
    # public, max-age=31536000, immutable
[[headers]]
  for = "*.js"
  [headers.values]
    Cache-Control = "public, max-age=604800, must-revalidate"
    # public, max-age=31536000, immutable
[[headers]]
  for = "/favicon.ico"
  [headers.values]
    Cache-Control = "public, max-age=31536000"
[[headers]]
  for = "/assets/logo.svg"
  [headers.values]
    Cache-Control = "public, max-age=31536000"
[[headers]]
  for = "/assets/fonts/*"
  [headers.values]
    Cache-Control = "public, max-age=31536000, immutable"

[[headers]]
  for = "/assets/images/*"
  [headers.values]
    Cache-Control = "public, max-age=31536000"
[[headers]]
  for = "/assets/*.webp"
  [headers.values]
    Cache-Control = "public, max-age=31536000"
[[headers]]
  for = "/assets/*.avif"
  [headers.values]
    Cache-Control = "public, max-age=31536000"
[[headers]]
  for = "/assets/*.jpeg"
  [headers.values]
    Cache-Control = "public, max-age=31536000"
[[headers]]
  for = "/assets/*.jpg"
  [headers.values]
    Cache-Control = "public, max-age=31536000"