Caddy
text
mydomain.com {
header {
X-Frame-Options DENY
Referrer-Policy no-referrer-when-downgrade
}
@svg {
file
path *.svg
}
header @svg Content-Security-Policy "script-src 'none'"
@default {
not path /theme/* /media/* /thumbnail/* /bundles/* /css/* /fonts/* /js/* /recovery/* /sitemap/*
}
root * public
php_fastcgi 127.0.0.1:9000
encode zstd gzip
file_server
}