authorFelix Boerner <ich@felix-boerner.de>2024-04-05 13:10:19 +0200
committerFelix Boerner <ich@felix-boerner.de>2024-04-05 13:10:19 +0200
commit40104704858f9a90328cc35c07d870d1b2ba1ca1 (patch)
tree55cf4f098ef6498077611ea5952afbc0c6a6f086
parentb59a72aa226317fe54baa7d145e202b5a2ad9030 (diff)
test: improve security ranking
-rw-r--r--tests/exampleSiteWithImage/hugo.toml10
-rw-r--r--tests/exampleSiteWithVideo/hugo.toml10
2 files changed, 20 insertions, 0 deletions
diff --git a/tests/exampleSiteWithImage/hugo.toml b/tests/exampleSiteWithImage/hugo.toml
index 6c110aa..b626921 100644
--- a/tests/exampleSiteWithImage/hugo.toml
+++ b/tests/exampleSiteWithImage/hugo.toml
@@ -102,3 +102,13 @@ copyright = "&copy;2024 Your Name"
# Please keep the original attribution link when using for your own project.
# If you'd like to use the template without the attribution, you can check out
# the license option via the template author's website: https://onepagelove.com/split
+
+[server]
+[[server.headers]]
+ for = '/**'
+ [server.headers.values]
+ Content-Security-Policy = "default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://dummyimage.com"
+ Referrer-Policy = 'strict-origin-when-cross-origin'
+ X-Content-Type-Options = 'nosniff'
+ X-Frame-Options = 'DENY'
+ X-XSS-Protection = '1; mode=block'
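Review bot: The headers added under `[server]` are only emitted by Hugo's built-in development server, so the security-ranking improvement this commit targets will not be visible on a production deployment that serves the generated `public/` directory through another host. Anyone copying this example should set the same headers at the hosting layer (web-server config or a platform headers file); a comment above L24 such as `# NOTE: [server.headers] applies to 'hugo server' only; replicate these headers in your production web server/CDN config.` would prevent a false sense of coverage. Separately, the CSP has no `frame-ancestors` directive, so framing protection rests entirely on X-Frame-Options; appending `; frame-ancestors 'none'; base-uri 'self'; object-src 'none'` to the `Content-Security-Policy` value aligns it with current CSP guidance. The `'unsafe-inline'` in `style-src` is presumably required by the theme's inline styles, but it should be confirmed rather than carried as a default.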
diff --git a/tests/exampleSiteWithVideo/hugo.toml b/tests/exampleSiteWithVideo/hugo.toml
index 67d69bd..33efa81 100644
--- a/tests/exampleSiteWithVideo/hugo.toml
+++ b/tests/exampleSiteWithVideo/hugo.toml
@@ -102,3 +102,13 @@ copyright = "&copy;2024 Your Name"
# Please keep the original attribution link when using for your own project.
# If you'd like to use the template without the attribution, you can check out
# the license option via the template author's website: https://onepagelove.com/split
+
+[server]
+[[server.headers]]
+ for = '/**'
+ [server.headers.values]
+ Content-Security-Policy = "default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://dummyimage.com"
+ Referrer-Policy = 'strict-origin-when-cross-origin'
+ X-Content-Type-Options = 'nosniff'
+ X-Frame-Options = 'DENY'
+ X-XSS-Protection = '1; mode=block'
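Review bot: `X-XSS-Protection = '1; mode=block'` on the last line of the hunk enables a legacy browser filter that is no longer implemented by current browsers and, in older ones, had known side effects that could be abused to leak information; current OWASP guidance is to disable it explicitly and rely on the CSP instead. Change the line to `X-XSS-Protection = '0'` or drop it, since the `Content-Security-Policy` with `default-src 'self'` already restricts script execution. Because this test site serves video, it is also worth confirming that the media is self-hosted; if not, a `media-src` directive must be added or `default-src 'self'` will block it and the test will not reflect a working configuration.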