/
  X-Frame-Options: DENY
  X-XSS-Protection: 1; mode=block

/api/
  X-Frame-Options: DENY
  X-XSS-Protection: 1; mode=block

/config/
  X-Frame-Options: DENY
  X-XSS-Protection: 1; mode=block

/guide/
  X-Frame-Options: DENY
  X-XSS-Protection: 1; mode=block

/*.html
  X-Frame-Options: DENY
  X-XSS-Protection: 1; mode=block

/*
  X-Content-Type-Options: nosniff
  Referrer-Policy: no-referrer
  Strict-Transport-Security: max-age=31536000; includeSubDomains

/assets/*
  cache-control: max-age=31536000
  cache-control: immutable
