Hi Team,
I would like you to try my website and check for any issues. I already had a .htaccess; however, it was mentioned that I have an issue related to CSP.
# Force HTTPS - Redirect HTTP to HTTPS (if necessary)
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# HTTP Strict Transport Security (HSTS) - 1 year (31536000 seconds)
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
# Content Security Policy (CSP)
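# Use nonces for inline styles and scripts to allow them securely
# NOTE: a nonce only protects when it is a fresh random value on every response;
# the fixed value below is the same for every visitor and every page load.
# The header value must be one logical line: each continued line ends with "\"
# (no trailing whitespace), otherwise Apache rejects the directive.
Header always set Content-Security-Policy "\
default-src 'self'; \
script-src 'self' 'nonce-randomString123'; \
style-src 'self' 'nonce-randomString123'; \
img-src 'self'; \
connect-src 'self'; \
font-src 'self'; \
object-src 'none'; \
child-src 'none'; \
frame-ancestors 'self'; \
form-action 'self'; \
upgrade-insecure-requests; \
block-all-mixed-content;"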
# X-Frame-Options - Prevent clickjacking by allowing framing only from the same origin
Header always set X-Frame-Options "SAMEORIGIN"
# X-Content-Type-Options - Prevent MIME sniffing
Header always set X-Content-Type-Options "nosniff"
# Referrer-Policy - Control how much referrer information is sent with requests
Header always set Referrer-Policy "no-referrer-when-downgrade"
# Permissions-Policy - Restrict access to browser features and APIs (adjust based on needs)
Header always set Permissions-Policy "geolocation=(self), microphone=(), camera=()"
# Optional: Disable directory listing
Options -Indexes
If you have any feedback, please share it.
Bitmux.free.nf
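
A way to check the CSP posted above from the outside, added here as an example and not part of the original post: it parses the header value captured from two responses and reports a nonce that repeats between them, a nonce shorter than 128 bits, and the deprecated `block-all-mixed-content` directive. The function names (`parse_csp`, `nonces`, `audit`) are hypothetical and the sample headers are constructed from the policy in the post.

```python
import re

# Constructed sample: the CSP from the .htaccess above (shortened), as it would
# arrive on two separate page loads when the nonce is hard-coded in the config.
STATIC = ("default-src 'self'; script-src 'self' 'nonce-randomString123'; "
          "style-src 'self' 'nonce-randomString123'; object-src 'none'; "
          "upgrade-insecure-requests; block-all-mixed-content;")
RESPONSES = [STATIC, STATIC]

NONCE_RE = re.compile(r"^'nonce-([A-Za-z0-9+/_-]+={0,2})'$")
MIN_NONCE_CHARS = 22  # 128 bits of randomness, base64-encoded without padding


def parse_csp(value):
    """Split a CSP header value into {directive: [source, ...]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            # Browsers ignore a repeated directive, so keep the first one.
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def nonces(policy):
    """Return the set of nonce values used anywhere in one parsed policy."""
    matches = (NONCE_RE.match(s) for srcs in policy.values() for s in srcs)
    return {m.group(1) for m in matches if m}


def audit(header_values):
    """Lint CSP headers captured from several responses of the same site."""
    policies = [parse_csp(v) for v in header_values]
    seen = [nonces(p) for p in policies]
    findings = []
    if len(seen) > 1:
        for n in sorted(set.intersection(*seen)):
            findings.append(f"nonce {n!r} is identical across responses")
    for n in sorted(set().union(*seen)):
        if len(n.rstrip("=")) < MIN_NONCE_CHARS:
            findings.append(f"nonce {n!r} is shorter than 128 bits")
    if any("block-all-mixed-content" in p for p in policies):
        findings.append("block-all-mixed-content is deprecated")
    return findings


if __name__ == "__main__":
    for finding in audit(RESPONSES):
        print(finding)
```

In practice the header values passed to `audit` would be copied from two separate requests to the same page, since a static nonce only shows up when responses are compared.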