# THIS FILE IS MANAGED BY SALT! NO TOUCHY TOUCHY, JUST LOOKY LOOKY!

(header) {
	header {
		# disable FLoC tracking
		Permissions-Policy interest-cohort=()

		# enable HSTS
		Strict-Transport-Security max-age=31536000;

		# disable clients from sniffing the media type
		X-Content-Type-Options nosniff

		# clickjacking protection
		X-Frame-Options DENY

		# keep referrer data off of HTTP connections
		Referrer-Policy no-referrer-when-downgrade

		X-XSS-Protection 1

		Content-Security-Policy default-src https:
	}
}

{% for site in salt['pillar.get']('caddy:sites') %}
{{ site }}
{% endfor %}