# Global options
{
    email {{ caddy_email }}
}

# Common security response headers
(security-headers) {
    header {
        # disable Google FLoC tracking
        Permissions-Policy interest-cohort=()

        # enable HSTS
        Strict-Transport-Security max-age=31536000

        # disable clients from sniffing the media type
        X-Content-Type-Options nosniff

        # clickjacking protection: refuse to allow rendering this page
        # in a frame, iframe, etc.
        X-Frame-Options DENY

        # keep referrer data off of HTTP connections
        Referrer-Policy no-referrer-when-downgrade
    }
}

# Import additional caddy config files in /etc/caddy/conf.d/
# Note: these are imported in lexical sort order!
import /etc/caddy/conf.d/*