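# -------------------------------------------
# Security Headers (all directives below need mod_headers)
# -------------------------------------------
# Disable Google FLoC and deny microphone, camera and geolocation.
# Permissions-Policy is the successor to Feature-Policy. The three device
# restrictions are repeated here because a browser that implements
# Permissions-Policy may not fall back to Feature-Policy once this header is
# present, which would leave them unenforced.
Header always set Permissions-Policy "interest-cohort=(), microphone=(), camera=(), geolocation=()"
# Other Security headers
# HSTS is sent only when the HTTPS environment variable is set. Behind a
# TLS-terminating proxy or load balancer that variable may be absent, so
# confirm the header is actually present in responses after deployment.
Header always set Strict-Transport-Security "max-age=31536000" env=HTTPS
# upgrade-insecure-requests only rewrites http:// subresource loads to https://.
# It does not restrict script or frame sources, so it is not an XSS control.
Header always set Content-Security-Policy "upgrade-insecure-requests"
# Stop browsers from MIME-sniffing a response away from its declared type.
Header always set X-Content-Type-Options "nosniff"
# The legacy XSS auditor has been removed from current browsers, and in old
# ones its filtering could itself be abused. "0" switches it off explicitly,
# which is the value OWASP recommends. XSS defence belongs in output encoding
# and a restrictive Content-Security-Policy.
Header always set X-XSS-Protection "0"
# Deprecated: current browsers enforce Certificate Transparency on their own.
# Kept for old clients; it can be removed without loss of protection.
Header always set Expect-CT "max-age=7776000, enforce"
# NOTE(review): no-referrer-when-downgrade sends the full URL (path and query
# string) to other HTTPS origins. If URLs can carry tokens or identifiers,
# consider strict-origin-when-cross-origin, which sends only the origin
# cross-site.
Header always set Referrer-Policy "no-referrer-when-downgrade"
# Clickjacking protection: only same-origin pages may frame this site.
Header always set X-Frame-Options "SAMEORIGIN"
# Legacy predecessor of Permissions-Policy, kept for older browsers.
Header always set Feature-Policy "microphone 'none'; camera 'none'; geolocation 'none'"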
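# -------------------------------------------
# Security Headers
# -------------------------------------------
# <IfModule> needs a module argument; without one Apache rejects the
# configuration. Note the trade-off of this wrapper: if mod_headers is not
# loaded, every header below is silently skipped rather than raising an
# error, so verify the headers in a live response after deployment.
<IfModule mod_headers.c>
# Disable Google FLoC and deny microphone, camera and geolocation.
# Permissions-Policy is the successor to Feature-Policy. The three device
# restrictions are repeated here because a browser that implements
# Permissions-Policy may not fall back to Feature-Policy once this header is
# present, which would leave them unenforced.
Header always set Permissions-Policy "interest-cohort=(), microphone=(), camera=(), geolocation=()"
# Other Security headers
# HSTS is sent only when the HTTPS environment variable is set. Behind a
# TLS-terminating proxy or load balancer that variable may be absent.
Header always set Strict-Transport-Security "max-age=31536000" env=HTTPS
# upgrade-insecure-requests only rewrites http:// subresource loads to https://.
# It does not restrict script or frame sources, so it is not an XSS control.
Header always set Content-Security-Policy "upgrade-insecure-requests"
# Stop browsers from MIME-sniffing a response away from its declared type.
Header always set X-Content-Type-Options "nosniff"
# The legacy XSS auditor has been removed from current browsers, and in old
# ones its filtering could itself be abused. "0" switches it off explicitly,
# which is the value OWASP recommends. XSS defence belongs in output encoding
# and a restrictive Content-Security-Policy.
Header always set X-XSS-Protection "0"
# Deprecated: current browsers enforce Certificate Transparency on their own.
# Kept for old clients; it can be removed without loss of protection.
Header always set Expect-CT "max-age=7776000, enforce"
# NOTE(review): no-referrer-when-downgrade sends the full URL (path and query
# string) to other HTTPS origins. If URLs can carry tokens or identifiers,
# consider strict-origin-when-cross-origin, which sends only the origin
# cross-site.
Header always set Referrer-Policy "no-referrer-when-downgrade"
# Clickjacking protection: only same-origin pages may frame this site.
Header always set X-Frame-Options "SAMEORIGIN"
# Legacy predecessor of Permissions-Policy, kept for older browsers.
Header always set Feature-Policy "microphone 'none'; camera 'none'; geolocation 'none'"
</IfModule>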