# Cloudflare Pages response headers for the Cerynix support portal.
# Same strict policy as the landing site. The portal serves its own
# screenshots as same-origin assets, so img-src is 'self' (plus data:).
# Keep in sync if you add asset hosts.
/*
  Content-Security-Policy: default-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none'; form-action 'self' mailto:
  X-Content-Type-Options: nosniff
  Referrer-Policy: strict-origin-when-cross-origin
  Permissions-Policy: geolocation=(), microphone=(), camera=(), interest-cohort=()
  Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
  X-Frame-Options: DENY
