Website Integrity

Hi Team,

I would like you to try my website and check for any issues, as I already had a .htaccess; however, it was mentioned that I have an issue related to CSP.

# Force HTTPS - Redirect HTTP to HTTPS (if necessary)
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# HTTP Strict Transport Security (HSTS) - 1 year (31536000 seconds)
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"

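# Content Security Policy (CSP)
# Use nonces for inline styles and scripts to allow them securely
# Note: a nonce has to be a new random value on every response; a fixed
# string such as the one below gives inline scripts and styles no protection.
# The header value is one quoted string, so every line that continues it
# ends with a backslash (Apache line continuation).
Header always set Content-Security-Policy "default-src 'self'; \
    script-src 'self' 'nonce-randomString123'; \
    style-src 'self' 'nonce-randomString123'; \
    img-src 'self'; \
    connect-src 'self'; \
    font-src 'self'; \
    object-src 'none'; \
    child-src 'none'; \
    frame-ancestors 'self'; \
    form-action 'self'; \
    upgrade-insecure-requests; \
    block-all-mixed-content;"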

# X-Frame-Options - Prevent clickjacking by allowing framing only from the same origin
Header always set X-Frame-Options "SAMEORIGIN"

# X-Content-Type-Options - Prevent MIME sniffing
Header always set X-Content-Type-Options "nosniff"

# Referrer-Policy - Control how much referrer information is sent with requests
Header always set Referrer-Policy "no-referrer-when-downgrade"

# Permissions-Policy - Restrict access to browser features and APIs (adjust based on needs)
Header always set Permissions-Policy "geolocation=(self), microphone=(), camera=()"

# Optional: Disable directory listing
Options -Indexes

If you have any feedback, please share it.

Bitmux.free.nf

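As an added example (not part of the original post), this Python check audits the nonce handling in the posted policy: it parses CSP header values captured from separate responses and reports nonces that repeat or are too short. The function names and the sample capture are constructed for illustration.

```python
import base64, re, secrets

NONCE_RE = re.compile(r"'nonce-([^']+)'")

def parse_csp(value):
    """Split a CSP header value into {directive: [sources]}; first occurrence wins."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def nonces(policy):
    """All nonce values used anywhere in one parsed policy."""
    return {m.group(1) for srcs in policy.values()
            for s in srcs if (m := NONCE_RE.fullmatch(s))}

def fresh_nonce():
    """What the server should emit: 128 random bits, base64, new for each response."""
    return base64.b64encode(secrets.token_bytes(16)).decode()

def audit(header_values):
    """Audit CSP header values captured from separate responses of one page."""
    policies = [parse_csp(v) for v in header_values]
    per_response = [nonces(p) for p in policies]
    findings = []
    if len(per_response) > 1:
        for n in sorted(set.intersection(*per_response)):
            findings.append(f"nonce {n!r} repeats across responses")
    for n in sorted(set().union(*per_response)):
        if len(n) < 22:  # 16 random bytes in base64 need at least 22 characters
            findings.append(f"nonce {n!r} is shorter than 128 bits")
    if any("block-all-mixed-content" in p and "upgrade-insecure-requests" in p
           for p in policies):
        findings.append("block-all-mixed-content is obsolete next to upgrade-insecure-requests")
    return findings

# Constructed sample: the policy from the post (shortened), as two responses would carry it.
POSTED = ("default-src 'self'; script-src 'self' 'nonce-randomString123'; "
          "style-src 'self' 'nonce-randomString123'; object-src 'none'; "
          "upgrade-insecure-requests; block-all-mixed-content;")

if __name__ == "__main__":
    for finding in audit([POSTED, POSTED]):
        print("FINDING:", finding)
    good = [f"default-src 'self'; script-src 'self' 'nonce-{fresh_nonce()}'" for _ in range(2)]
    print("per-response nonces:", audit(good) or "no findings")
```

A nonce generated per response also has to be written into the matching `<script nonce="...">` and `<style nonce="...">` tags by the code that renders the page, which a static .htaccess header alone cannot do.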