cftad/.htaccess

## .htaccess
# Security Headers - https://securityheaders.com
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains" env=HTTPS
Header always set Content-Security-Policy "upgrade-insecure-requests" env=HTTPS
Header always set X-Content-Type-Options "nosniff"
Header always set X-Frame-Options "SAMEORIGIN"
Header always set Referrer-Policy: no-referrer-when-downgrade
Header always set Feature-Policy "microphone 'none'; payment 'none'; sync-xhr 'self' https://example.com"
Header unset "X-Powered-By"
<FilesMatch "\.(htm|html|php)$">
Header set X-Frame-Options "SAMEORIGIN"
Header set X-XSS-Protection "1; mode=block"
</FilesMatch>
	# Security Headers - https://securityheaders.com
	Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains" env=HTTPS
	Header always set Content-Security-Policy "upgrade-insecure-requests" env=HTTPS
	Header always set X-Content-Type-Options "nosniff"
	Header always set X-Frame-Options "SAMEORIGIN"
	Header always set Referrer-Policy: no-referrer-when-downgrade
	Header always set Feature-Policy "microphone 'none'; payment 'none'; sync-xhr 'self' https://example.com"
	Header unset "X-Powered-By"
	<FilesMatch "\.(htm\|html\|php)$">
	Header set X-Frame-Options "SAMEORIGIN"
	Header set X-XSS-Protection "1; mode=block"
	</FilesMatch>