GhanshyamBhava · February 1, 2021 11:21
diff --git a/.htaccess b/.htaccess
 # Security header for website

 Header set X-Permitted-Cross-Domain-Policies "none"
 Header set X-Content-Type-Options "nosniff"
 Header set X-XSS-Protection "1; mode=block"
 Header set Strict-Transport-Security "max-age=31536000" env=HTTPS
 Header set X-Frame-Options "SAMEORIGIN"
 Header set Feature-Policy "geolocation 'self'; vibrate 'none'"
 Header set Expect-CT enforce,max-age=2592000
 Header set Referrer-Policy "origin"
 Header set Permissions-Policy "geolocation=();midi=();notifications=();push=();sync-xhr=();microphone=();camera=();magnetometer=();gyroscope=();speaker=(self);vibrate=();fullscreen=(self);payment=();"

 # This will affect your website it won't allow you to access resources from cross site
 Header set Content-Security-Policy "default-src 'none'; frame-ancestors 'none'; style-src 'none' img-src https://www.domain.com/;"
	# Security header for website

	Header set X-Permitted-Cross-Domain-Policies "none"
	Header set X-Content-Type-Options "nosniff"
	Header set X-XSS-Protection "1; mode=block"
	Header set Strict-Transport-Security "max-age=31536000" env=HTTPS
	Header set X-Frame-Options "SAMEORIGIN"
	Header set Feature-Policy "geolocation 'self'; vibrate 'none'"
	Header set Expect-CT enforce,max-age=2592000
	Header set Referrer-Policy "origin"
	Header set Permissions-Policy "geolocation=();midi=();notifications=();push=();sync-xhr=();microphone=();camera=();magnetometer=();gyroscope=();speaker=(self);vibrate=();fullscreen=(self);payment=();"

	# This will affect your website it won't allow you to access resources from cross site
	Header set Content-Security-Policy "default-src 'none'; frame-ancestors 'none'; style-src 'none' img-src https://www.domain.com/;"