From 8cf3a2a7263c2e45aa2fecf12bb1922e1e21c2f3 Mon Sep 17 00:00:00 2001
From: Marcel <marcel@familienarchiv>
Date: Fri, 15 May 2026 14:54:54 +0200
Subject: [PATCH] devops(caddy): apply full security_headers snippet to
 GlitchTip vhost

The GlitchTip vhost only had a manual HSTS header; the rest of the
(security_headers) snippet (X-Content-Type-Options, Referrer-Policy,
Permissions-Policy, -Server removal) was missing.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 infra/caddy/Caddyfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infra/caddy/Caddyfile b/infra/caddy/Caddyfile
index 6c27bf7d..b3d1e971 100644
--- a/infra/caddy/Caddyfile
+++ b/infra/caddy/Caddyfile
@@ -95,6 +95,6 @@ grafana.archiv.raddatz.cloud {
 }
 
 glitchtip.archiv.raddatz.cloud {
-	header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+	import security_headers
 	reverse_proxy 127.0.0.1:3002
 }