Hi,
I’m setting up a basic static site, so my Caddyfile is pretty small at the moment, simply pointing to a folder with a bunch of html files generated by a static site generator with file_server
enabled.
I want to apply Security Headers, which I’ve been able to do successfully following the Caddy docs shown here:
The problem is that the security header example on here (using the header {} block) applies security headers to every single request (including image, js and css files). I’m just wondering what would be the most simple way to only apply the security headers to the HTML files. Bear in mind that the site URL path won’t have .html at the end. Is there a way to apply headers based on mime type? Or is it best to add another section to the Caddyfile which then removes the headers from any request containing a file extension?
Thanks in advance for your help.