-
Notifications
You must be signed in to change notification settings - Fork 0
/
.htaccess
22 lines (22 loc) · 1.05 KB
/
.htaccess
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
<LimitExcept GET POST>
Deny from all
</LimitExcept>
Options -Indexes
Header unset X-WebKit-CSP
Header add X-WebKit-CSP "default-src 'self'"
Header unset ETag
Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate, private"
Header set Pragma "no-cache"
Header set X-Frame-Options "DENY"
Header set X-XSS-Protection "1; mode=block"
Header set X-Content-Type-Options "nosniff"
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"
Header set Strict-Transport-Security "max-age=63072000"
Header set Content-Security-Policy "default-src 'self' ; script-src blob: * 'self' 'unsafe-inline' 'unsafe-eval'; connect-src data: blob: filesystem: *.tile.openstreetmap.org 'self' ; img-src 'self' data: blob: *.openstreetmap.org ; style-src 'self' 'unsafe-inline' ;"
Header set Access-Control-Allow-Origin: *
<FilesMatch "\.(ico|flv|jpg|jpeg|png|gif|js|css|svg)$">
Header set Cache-Control "max-age=604800, private"
</FilesMatch>
<FilesMatch ".*openstreetmap.*\.png$">
Header set Cache-Control "max-age=2592000, public"
</FilesMatch>