@botic
Created Sep 27, 2019
Apache Security + Cache Headers
# static assets: type sniffing disabled, long-lived immutable caching
<FilesMatch "\.(ico|jpg|jpeg|png|gif|js|css)$">
Header set X-Content-Type-Options nosniff
FileETag -INode MTime Size
Header set Cache-Control "public, max-age=63072000, immutable"
Header unset Last-Modified
</FilesMatch>
<FilesMatch "\.(html)$">
# security-related headers
Header set Expect-CT "max-age=63072000, enforce"
Header set Referrer-Policy same-origin
Header set X-Content-Type-Options nosniff
Header set X-Frame-Options SAMEORIGIN
Header set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
Header set Content-Security-Policy "default-src 'self' sharedmobility.ai *.sharedmobility.ai; script-src 'self' sharedmobility.ai; style-src 'self' 'unsafe-inline' *.gstatic.com *.jsdelivr.net *.googleapis.com; img-src 'self' sharedmobility.ai; font-src 'self' *.gstatic.com *.jsdelivr.net *.googleapis.com; connect-src api.sharedmobility.ai sharedmobility.ai api.citybik.es *.googleapis.com"
Header set Feature-Policy "geolocation 'self'; accelerometer 'self'; gyroscope 'self'; camera 'none'; microphone 'none'; fullscreen 'self'; document-write 'none'; speaker 'none'; payment 'none'"
# caching: short-lived, revalidate once stale (directives are comma-separated)
FileETag -INode MTime Size
Header set Cache-Control "max-age=600, public, must-revalidate"
Header unset Last-Modified
</FilesMatch>