Last active
November 7, 2024 06:23
-
-
Save ammaridris/951a4ea7f6e2c0c2476b673d16560c5e to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| LoadModule php_module "C:/php/php8apache2_4.dll" | |
| PHPIniDir "C:/php" | |
| <IfModule php_module> | |
| DirectoryIndex index.html default.php index.php | |
| AddHandler application/x-httpd-php .php | |
| </IfModule> | |
| ServerSignature Off | |
| ServerTokens Prod | |
| TraceEnable Off | |
| <IfModule mod_headers.c> | |
| Header set X-XSS-Protection: "1; mode=block" | |
| #Header always set Content-Security-Policy "default-src https: data: 'unsafe-inline' 'unsafe-eval'" | |
| Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload" | |
| Header always set X-Frame-Options "ALLOWALL" | |
| Header always set X-Content-Type-Options "nosniff" | |
| #Header set Content-Security-Policy "default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self';" | |
| #Header set Content-Security-Policy "default-src *; connect-src 'self'; img-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com maps.google.com https://maps.googleapis.com http://www.google-analytics.com http://maps.google.com; style-src 'self' 'unsafe-inline';" | |
| #Header set Content-Security-Policy "default-src 'self';" img-src * | |
| </IfModule> | |
| AcceptFilter http none | |
| FileETag None | |
| KeepAlive On |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment