ui_nginx_headers.conf

add_header Content-Security-Policy "worker-src blob: ; child-src blob: ;default-src 'none'; script-src 'self' ${API_MATOMO_URL} 'sha256-quOgp+M4pH4TUco5DwHuTMyTY9AY+DOk4jkIMuGgSJs='; style-src 'self'; font-src 'self'; object-src 'self'; frame-src 'self'; connect-src 'self' ${API_MATOMO_URL} https://openmaptiles.data.gouv.fr https://*.tile.openstreetmap.org https://*.tile.openstreetmap.fr https://geoservices.brgm.fr https://wxs.ign.fr https://datacarto.geoguyane.fr https://gisdata.cerema.fr https://services.data.shom.fr; img-src data: 'self' tile.openstreetmap.org a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org tile.openstreetmap.fr a.tile.openstreetmap.fr b.tile.openstreetmap.fr c.tile.openstreetmap.fr geoservices.brgm.fr wxs.ign.fr datacarto.geoguyane.fr gisdata.cerema.fr services.data.shom.fr; base-uri 'none'; form-action 'self'; frame-ancestors 'none';";
add_header X-Frame-Options "DENY";
add_header X-XSS-Protection "1; mode=block";
add_header Referrer-Policy "same-origin";
add_header Permissions-Policy "accelerometer=(), attribution-reporting=(), autoplay=(), browsing-topics=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-prefers-color-scheme=(), ch-prefers-reduced-motion=(), ch-prefers-reduced-transparency=(), ch-rtt=(), ch-save-data=(), ch-ua=(), ch-ua-arch=(), ch-ua-bitness=(), ch-ua-form-factor=(), ch-ua-full-version=(), ch-ua-full-version-list=(), ch-ua-mobile=(), ch-ua-model=(), ch-ua-platform=(), ch-ua-platform-version=(), ch-ua-wow64=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), cross-origin-isolated=(), display-capture=(), encrypted-media=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), identity-credentials-get=(), idle-detection=(), interest-cohort=(), join-ad-interest-group=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-aggregation=(), private-state-token-issuance=(), private-state-token-redemption=(), publickey-credentials-get=(), run-ad-auction=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), storage-access=(), sync-xhr=(), unload=(), usb=(), window-management=(), xr-spatial-tracking=()";