# Use these directives to add security. Unfortunately, they don't currently appear to work with our implementation
# They block programmatic access to the iframe completely!

# add_header Cross-Origin-Embedder-Policy require-corp;
# add_header Cross-Origin-Opener-Policy same-origin;
# add_header Access-Control-Allow-Origin: https://pwa.kiwix.org;