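# Security Headers
<IfModule mod_headers.c>
    # Content Security Policy.
    # NOTE(review): 'unsafe-inline' in script-src largely neutralises CSP as an
    # XSS control; replacing it with per-response nonces or hashes needs
    # template changes, so it is left in place here. base-uri is added because
    # it does NOT fall back to default-src, and an injected <base> tag would
    # otherwise redirect every relative script/style URL to an attacker host.
    # form-action has no fallback either; add "form-action 'self'" once it is
    # confirmed that no form posts to a third party.
    Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' cdn.gifo.wisestamp.com img.icons8.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com; img-src 'self' data: cdn.gifo.wisestamp.com img.icons8.com; connect-src 'self'; base-uri 'self'; frame-ancestors 'none';"
    # X-Frame-Options: legacy equivalent of frame-ancestors 'none' for browsers
    # without CSP Level 2 support; keeping both is intentional.
    Header always set X-Frame-Options "DENY"
    # X-Content-Type-Options: stop browsers MIME-sniffing scripts and styles.
    Header always set X-Content-Type-Options "nosniff"
    # X-XSS-Protection: the legacy auditor has been removed from modern
    # browsers, and "1; mode=block" has been abused for cross-site leaks in
    # the browsers that still had it, so current guidance (OWASP) is to
    # disable it explicitly. The CSP above is the actual XSS control.
    Header always set X-XSS-Protection "0"
    # Strict-Transport-Security: browsers ignore this header over plain HTTP,
    # so it is harmless before TLS is live, but once received over HTTPS it
    # commits clients to HTTPS (for this host and all subdomains) for a year.
    # "preload" signals eligibility for the browser preload list; inclusion
    # there is hard to reverse, so keep it only if every subdomain is served
    # over HTTPS and the site will actually be submitted to hstspreload.org.
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
    # Referrer Policy: full URL to same-origin, origin only cross-site over
    # HTTPS, nothing on an HTTPS->HTTP downgrade.
    Header always set Referrer-Policy "strict-origin-when-cross-origin"
    # Permissions Policy: deny the listed device APIs to this origin and to
    # every embedded frame.
    Header always set Permissions-Policy "geolocation=(), microphone=(), camera=()"
</IfModule>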
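# Force HTTPS redirect
<IfModule mod_rewrite.c>
    RewriteEngine On
    # Force HTTPS. %{HTTPS} is "on" only when TLS terminates in this Apache
    # instance; behind a TLS-terminating proxy or CDN every request arrives as
    # plain HTTP and the original single condition would redirect forever, so
    # the proxy's X-Forwarded-Proto header is consulted as well. A client can
    # skip the redirect for its own request by forging that header, which
    # costs the site nothing.
    # NOTE(review): %{HTTP_HOST} is the client-supplied Host header; if this
    # vhost answers for arbitrary names, replace it with the canonical hostname
    # so the redirect target cannot be steered by the request.
    RewriteCond %{HTTPS} off
    RewriteCond %{HTTP:X-Forwarded-Proto} !https
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    # Block access to phpinfo. [NC] makes the match case-insensitive so that
    # PHPINFO.php / phpInfo.php are caught too (they resolve to the same file
    # on case-insensitive filesystems). The original ^(.*)phpinfo(.*)$ was
    # already a substring match, so this is equivalent apart from [NC]; it
    # will also 403 any legitimate path containing "phpinfo".
    RewriteRule phpinfo - [F,L,NC]
    # Block access to sensitive dotfiles anywhere under this directory, not
    # only directly in it: in per-directory context "^\.env$" never matches
    # "sub/.env". Also covers variants such as .env.local and .htpasswd.
    RewriteRule (^|/)\.(env|htaccess|htpasswd)(\.[^/]*)?$ - [F,L,NC]
    # Block the .git tree (and .gitignore etc.), which would otherwise leak
    # source and history if the repository is deployed as-is.
    RewriteRule (^|/)\.git - [F,L,NC]
</IfModule>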
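# Disable server signature (the version/hostname line Apache appends to
# server-generated error pages and directory listings).
ServerSignature Off
# Hide Apache version.
# NOTE(review): the Server header is written by core after mod_headers has
# run, so "Header unset Server" generally has no visible effect. The
# supported control is "ServerTokens Prod" in the main server config, which
# is not permitted in .htaccess and must be set by the server admin.
<IfModule mod_headers.c>
    Header unset Server
    Header always unset Server
    # X-Powered-By is added by PHP. Per the mod_headers docs, the "always"
    # condition is not a superset of the default condition when removing
    # headers that another module generated, so the unset is repeated under
    # both conditions to cover normal and error responses. (expose_php is a
    # PHP_INI_SYSTEM setting and cannot be turned off from .htaccess.)
    Header unset X-Powered-By
    Header always unset X-Powered-By
</IfModule>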