-
-
Save sepiariver/c1dee0dbac48af93d0a1e64973d05eba to your computer and use it in GitHub Desktop.
Apache Security Headers Setup for Serverpilot
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Header set Connection keep-alive | |
ExpiresActive On | |
ExpiresByType image/jpg "access 1 year" | |
ExpiresByType image/jpeg "access 1 year" | |
ExpiresByType image/gif "access 1 year" | |
ExpiresByType image/png "access 1 year" | |
ExpiresByType image/svg+xml "access 1 month" | |
ExpiresByType text/css "access 1 month" | |
ExpiresByType application/pdf "access 1 month" | |
ExpiresByType application/javascript "access 1 month" | |
ExpiresByType application/x-shockwave-flash "access 1 month" | |
ExpiresByType image/x-icon "access 1 year" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Header always set X-Frame-Options SAMEORIGIN | |
Header always set X-XSS-Protection 1;mode=block | |
Header always set X-Content-Type-Options nosniff | |
Header always edit Set-Cookie ^(.*)$ $1;Secure env=HTTPS | |
Header always set Strict-Transport-Security "max-age=15552000;" env=HTTPS | |
Header set Expect-CT: "max-age=86400" env=HTTPS | |
Header always set Referrer-Policy: strict-origin-when-cross-origin | |
Header set Content-Security-Policy "default-src 'self';" | |
# By default disallow all features, opt into what is required (eg geolocation) | |
Header set Feature-Policy: "" | |
# Ideally the following set of directivse should be set instead of the above | |
# to ensure that all domain properties are fully SSL secured | |
#Header set Strict-Transport-Security: "max-age=15552000;includeSubdomains" | |
<Location "/"> | |
AllowMethods GET POST HEAD | |
</Location> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment