Cyberjinh_Website/.htaccess
2021-03-05 18:15:54 +01:00

15 lines
970 B
ApacheConf

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://cyberjinh.fr/$1 [R,L]
Header always set Strict-Transport-Security "max-age=2592000; includeSubDomains; preload
Header always set X-Frame-Options "SAMEORIGIN"
Header always set X-Xss-Protection "1; mode=block"
Header always set X-Content-Type-Options "nosniff"
Header always set Referrer-Policy "same-origin"
Header always set Feature-Policy "microphone 'none'; payment 'none'; sync-xhr 'self' https://cyberjinh.fr"
Header always set X-FRAME-OPTIONS "DENY"
Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
Header always set Content-Security-Policy: "default-src 'none';"
Header always set Content-Security-Policy: "script-src 'self' https://cyberjinh.fr;"
Header always set Content-Security-Policy: "style-src 'self' https://cyberjinh.fr;"
Header always set Content-Security-Policy: "img-src 'self' https://cyberjinh.fr https://xmpp.net https://compliance.conversations.im https://static.fsf.org;"