Handy default Netlify toml file settings

With Netlify it's quite easy to spin up a new website with a lot of good defaults out of the box, but there are a few options worth setting for both security and SEO reasons.

Firstly, it's good practice to set some headers that improve security. For example, setting X-Content-Type-Options to nosniff stops browsers from sniffing MIME types. Setting X-Frame-Options to DENY prevents the site from being rendered in a frame on another site, and a Referrer-Policy of same-origin reduces the amount of referrer information sent to other websites.

It's also a good idea to set up a redirect from the Netlify subdomain that Netlify created for your site. If you don't, the wrong URL could end up indexed by Google.

[[headers]]
  for = "/*"
  [headers.values]
    Referrer-Policy = "same-origin"
    Strict-Transport-Security = "max-age=15768000"
    X-Content-Type-Options = "nosniff"
    X-Frame-Options = "DENY"
    X-XSS-Protection = "1; mode=block"

[[redirects]]
  from = "https://example.netlify.app"
  to = "https://example.com/"
  status = 301
  force = true
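Once the file is deployed, it's worth confirming that the live site actually sends the headers and that the subdomain really redirects. The script below is an added example, not part of the original post: it takes raw response headers (what `curl -sI https://example.com/` prints) and checks them against the values from the netlify.toml above. The sample responses embedded in it are constructed for illustration, and the header names and HSTS max-age are the ones the config sets.

```python
"""Check a deployed site's response headers against the netlify.toml above.

Added example, not part of the original post. Feed check_headers() the raw
output of `curl -sI <url>`; the sample responses below are constructed.
"""

# Expected values, taken from the [headers.values] table in the netlify.toml.
EXPECTED_HEADERS = {
    "referrer-policy": "same-origin",
    "strict-transport-security": "max-age=15768000",
    "x-content-type-options": "nosniff",
    "x-frame-options": "DENY",
    "x-xss-protection": "1; mode=block",
}


def parse_headers(raw: str) -> dict:
    """Parse raw HTTP response headers (status line plus header lines) into a
    dict keyed by lowercase header name; header names are case-insensitive."""
    headers = {}
    for line in raw.splitlines():
        line = line.strip()
        if not line or line.startswith("HTTP/"):
            continue  # skip blank lines and the status line
        name, sep, value = line.partition(":")
        if not sep:
            continue  # not a "Name: value" line
        headers[name.strip().lower()] = value.strip()
    return headers


def check_headers(raw: str) -> dict:
    """Return {header: (ok, actual_value_or_None)} for each expected header.
    HSTS is compared on the max-age directive only, so an additional
    includeSubDomains directive is not reported as a mismatch."""
    actual = parse_headers(raw)
    results = {}
    for name, expected in EXPECTED_HEADERS.items():
        value = actual.get(name)
        if value is None:
            results[name] = (False, None)
        elif name == "strict-transport-security":
            directives = {d.strip().lower() for d in value.split(";")}
            results[name] = (expected.lower() in directives, value)
        else:
            results[name] = (value.lower() == expected.lower(), value)
    return results


def missing_or_wrong(raw: str) -> list:
    """Sorted list of expected headers that are absent or carry the wrong value."""
    return sorted(name for name, (ok, _) in check_headers(raw).items() if not ok)


def check_redirect(raw: str, expected_location: str) -> bool:
    """True if the response is a 301 whose Location header matches, i.e. the
    [[redirects]] rule for the Netlify subdomain is in effect."""
    lines = raw.strip().splitlines()
    parts = lines[0].split() if lines else []
    status = parts[1] if len(parts) > 1 else ""
    return status == "301" and parse_headers(raw).get("location") == expected_location


# Constructed sample: a deploy where the headers section was applied.
SAMPLE_GOOD = """HTTP/2 200
content-type: text/html; charset=UTF-8
referrer-policy: same-origin
strict-transport-security: max-age=15768000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
"""

# Constructed sample: a deploy where the headers section was never applied.
SAMPLE_BAD = """HTTP/2 200
content-type: text/html; charset=UTF-8
x-frame-options: SAMEORIGIN
"""

# Constructed sample: what the Netlify subdomain should answer after the redirect rule.
SAMPLE_REDIRECT = """HTTP/2 301
location: https://example.com/
"""

if __name__ == "__main__":
    for label, raw in (("good", SAMPLE_GOOD), ("bad", SAMPLE_BAD)):
        problems = missing_or_wrong(raw)
        print(f"{label}: {'all headers present' if not problems else 'problems: ' + ', '.join(problems)}")
    print("subdomain redirects:", check_redirect(SAMPLE_REDIRECT, "https://example.com/"))
```

Header names are compared case-insensitively because Netlify's edge (and HTTP/2 in general) lowercases them, so a literal string match on `X-Frame-Options` would fail even when the header is set correctly.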