@GhanshyamBhava
Created February 1, 2021 11:21
.htaccess for a better security setup for your website.
# Security headers for the website (requires mod_headers).
# "always" makes the headers appear on error responses too, not only on 2xx responses.
<IfModule mod_headers.c>
Header always set X-Permitted-Cross-Domain-Policies "none"
Header always set X-Content-Type-Options "nosniff"
# Legacy XSS auditor header; current browsers ignore it (kept as originally written).
Header always set X-XSS-Protection "1; mode=block"
# Only send HSTS over TLS; mod_ssl sets the HTTPS environment variable.
Header always set Strict-Transport-Security "max-age=31536000" env=HTTPS
Header always set X-Frame-Options "SAMEORIGIN"
# Feature-Policy is the older ';'-separated form, kept for browsers that predate Permissions-Policy.
Header always set Feature-Policy "geolocation 'self'; vibrate 'none'"
# Value quoted so Apache reads it as one argument; note that browsers have since deprecated Expect-CT.
Header always set Expect-CT "enforce, max-age=2592000"
Header always set Referrer-Policy "origin"
# Permissions-Policy members are separated by commas, not semicolons; a ';' makes browsers discard the whole header.
Header always set Permissions-Policy "geolocation=(), midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(), fullscreen=(self), payment=()"
# This will affect your website: it won't allow you to load resources from other sites
# (everything is blocked except images from the listed origin). Each directive must end with ';'.
Header always set Content-Security-Policy "default-src 'none'; frame-ancestors 'none'; style-src 'none'; img-src https://www.domain.com/"
</IfModule>
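As an added check that is not part of the gist, the Python script below audits a response's security headers the way a browser parses them, so the two mistakes that are easy to make in a hand-written .htaccess (a dropped `;` inside a Content-Security-Policy, and `;` instead of `,` between Permissions-Policy members) are caught before deployment. The sample headers are constructed to mirror the gist, `https://www.domain.com/` is the gist's own placeholder, and the thresholds (one-year HSTS, the required-header list) are this example's assumptions.

```python
"""Audit HTTP response security headers as a browser would parse them.

Added example, not part of the gist. The sample headers are constructed;
https://www.domain.com/ is the gist's placeholder origin.
"""
import re
from typing import Dict, List

# Headers the .htaccess is meant to emit; absence is reported (assumed list).
REQUIRED = (
    "strict-transport-security",
    "x-content-type-options",
    "x-frame-options",
    "content-security-policy",
    "referrer-policy",
    "permissions-policy",
)
# CSP directive names. One of these appearing inside another directive's
# source list means a ';' separator went missing.
CSP_DIRECTIVES = {
    "default-src", "script-src", "style-src", "img-src", "font-src",
    "connect-src", "frame-src", "frame-ancestors", "object-src",
    "base-uri", "form-action", "media-src", "worker-src",
}


def parse_csp(value: str) -> Dict[str, List[str]]:
    """Split a CSP into {directive: [sources]} on ';' and whitespace."""
    policy: Dict[str, List[str]] = {}
    for directive in value.split(";"):
        tokens = directive.split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def csp_findings(value: str) -> List[str]:
    findings = []
    for name, sources in parse_csp(value).items():
        swallowed = [s for s in sources if s.lower() in CSP_DIRECTIVES]
        if swallowed:
            findings.append(f"CSP: {name} contains {swallowed}; a ';' is missing")
        # 'none' must stand alone; anything next to it is a typo or a lost ';'.
        if "'none'" in sources and len(sources) > 1:
            findings.append(f"CSP: {name} mixes 'none' with other sources")
    return findings


def permissions_policy_findings(value: str) -> List[str]:
    """Permissions-Policy is a comma-separated dictionary of feature=(allowlist);
    ';' is Feature-Policy syntax and makes browsers drop the whole header."""
    if ";" in value:
        return ["Permissions-Policy: uses ';' (Feature-Policy syntax); members must be separated by ','"]
    findings = []
    for member in value.split(","):
        member = member.strip()
        if member and not re.fullmatch(r"[a-z-]+=(?:\([^()]*\)|\*|self)", member):
            findings.append(f"Permissions-Policy: malformed member {member!r}")
    return findings


def hsts_findings(value: str) -> List[str]:
    match = re.search(r"max-age=(\d+)", value)
    if not match:
        return ["HSTS: no max-age"]
    if int(match.group(1)) < 31536000:  # one year, the gist's own value
        return [f"HSTS: max-age {match.group(1)} is below one year"]
    return []


def audit(headers: Dict[str, str]) -> List[str]:
    """Return findings for one response's headers (names are case-insensitive)."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = [f"missing header: {name}" for name in REQUIRED if name not in h]
    if "content-security-policy" in h:
        findings += csp_findings(h["content-security-policy"])
    if "permissions-policy" in h:
        findings += permissions_policy_findings(h["permissions-policy"])
    if "strict-transport-security" in h:
        findings += hsts_findings(h["strict-transport-security"])
    if h.get("x-xss-protection", "").startswith("1"):
        findings.append("X-XSS-Protection: legacy filter; send '0' or omit the header")
    return findings


# Constructed headers mirroring the gist as written, including its missing
# ';' in the CSP and its ';'-separated Permissions-Policy.
AS_WRITTEN = {
    "Strict-Transport-Security": "max-age=31536000",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "SAMEORIGIN",
    "X-XSS-Protection": "1; mode=block",
    "Referrer-Policy": "origin",
    "Permissions-Policy": "geolocation=();midi=();camera=();fullscreen=(self);",
    "Content-Security-Policy":
        "default-src 'none'; frame-ancestors 'none'; style-src 'none' img-src https://www.domain.com/;",
}
# The same headers with separators fixed and the legacy XSS filter disabled.
CORRECTED = {
    **AS_WRITTEN,
    "X-XSS-Protection": "0",
    "Permissions-Policy": "geolocation=(), midi=(), camera=(), fullscreen=(self)",
    "Content-Security-Policy":
        "default-src 'none'; frame-ancestors 'none'; style-src 'none'; img-src https://www.domain.com/",
}

if __name__ == "__main__":
    import sys
    from urllib.request import urlopen
    if len(sys.argv) > 1:  # audit a live URL of your own site given on the command line
        with urlopen(sys.argv[1]) as resp:
            headers = dict(resp.getheaders())
    else:
        headers = AS_WRITTEN
    for line in audit(headers) or ["no findings"]:
        print(line)
```

Run it with no arguments to see the four findings the gist's original values produce, or pass your own site's URL after deploying the .htaccess to confirm the headers are actually emitted and parse cleanly.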