Server
My server configuration
.htaccess
The .htaccess configuration of my web server. I provide this information for transparency and educational purposes.
# X-XSS-Protection
<IfModule mod_headers.c>
Header set X-XSS-Protection "1; mode=block"
</IfModule>
# X-Frame-Options
<IfModule mod_headers.c>
Header set X-Frame-Options "SAMEORIGIN"
</IfModule>
# X-Content-Type-Options
<IfModule mod_headers.c>
Header set X-Content-Type-Options "nosniff"
</IfModule>
# Strict-Transport-Security
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
</IfModule>
# Referrer-Policy
<IfModule mod_headers.c>
Header always set Referrer-Policy "strict-origin-when-cross-origin"
</IfModule>
# Permissions-Policy
<IfModule mod_headers.c>
Header set Permissions-Policy "geolocation=(), camera=(), microphone=()"
</IfModule>
# Content-Security-Policy
# Note: 'https:' in img-src already permits https://picsum.photos/, and
# 'unsafe-inline' in style-src allows inline styles (the only inline source this policy admits).
<IfModule mod_headers.c>
Header set Content-Security-Policy "default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self' data: https: https://picsum.photos/; style-src 'self' 'unsafe-inline'; base-uri 'self'; form-action 'self'; font-src 'self'; manifest-src 'self'"
</IfModule>
# Disable Cookies
# Note: Header acts on the response, so this strips Set-Cookie from replies; the
# Cookie header of incoming requests is only removed by RequestHeader unset Cookie.
<IfModule mod_headers.c>
Header unset Cookie
Header unset Set-Cookie
</IfModule>
# Static File Caching
<IfModule mod_headers.c>
<FilesMatch "\.(gif|ico|jpeg|jpg|png|css|js|woff2)$">
Header set Cache-Control "max-age=31536000, public"
</FilesMatch>
</IfModule>
# GZIP Compression
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE image/svg+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
AddOutputFilterByType DEFLATE application/x-font
AddOutputFilterByType DEFLATE application/x-font-opentype
AddOutputFilterByType DEFLATE application/x-font-otf
AddOutputFilterByType DEFLATE application/x-font-truetype
AddOutputFilterByType DEFLATE application/x-font-ttf
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE font/opentype
AddOutputFilterByType DEFLATE font/otf
AddOutputFilterByType DEFLATE font/ttf
AddOutputFilterByType DEFLATE image/x-icon
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/javascript
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/xml
</IfModule>
# Redirect 404 to Index
ErrorDocument 404 /index.html
# Block Wayback Machine (respond 403 to the archive crawler user agents)
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} (ia_archiver|archive\.org_bot) [NC]
RewriteRule .* - [F,L]
</IfModule>
Besides these manual configurations, the server has some other configuration that is not included in the .htaccess:
- Disabled server logs
- Redirects
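To check that a server really sends the headers configured above, here is an added example (my own code, not part of the original configuration) that parses a raw HTTP response and audits it against the policy in this .htaccess: exact values for the X-* and Referrer-Policy headers, an HSTS max-age of at least a year, no 'unsafe-inline' in the CSP script or style sources, and no Set-Cookie. The sample response is constructed to mirror the headers above, so the one finding it reports is the 'unsafe-inline' in style-src.

```python
EXPECTED = {  # exact values taken from the .htaccess on this page
    "x-content-type-options": "nosniff", "x-frame-options": "SAMEORIGIN",
    "referrer-policy": "strict-origin-when-cross-origin"}
MIN_HSTS_AGE = 31536000  # one year; the config above sends two years

def parse_raw_response(raw: str) -> dict:
    """Header block of a raw HTTP/1.1 response -> {lowercase name: value}."""
    headers = {}
    for line in raw.split("\r\n\r\n", 1)[0].split("\r\n")[1:]:  # skip status line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers

def parse_csp(value: str) -> dict:
    # Content-Security-Policy value -> {directive: [source expressions]}
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy

def audit(headers: dict) -> list:
    """Return findings; an empty list means the response matches the policy."""
    findings = []
    for name, want in EXPECTED.items():
        got = headers.get(name)
        if got is None:
            findings.append(f"missing {name}")
        elif got.lower() != want.lower():
            findings.append(f"{name}: got {got!r}, want {want!r}")
    max_age = 0  # HSTS only counts if max-age is present and long enough
    for directive in headers.get("strict-transport-security", "").split(";"):
        key, _, val = directive.strip().partition("=")
        if key.lower() == "max-age" and val.strip().isdigit():
            max_age = int(val)
    if max_age < MIN_HSTS_AGE:
        findings.append(f"hsts max-age {max_age} below {MIN_HSTS_AGE}")
    csp = parse_csp(headers.get("content-security-policy", ""))
    for directive in ("script-src", "style-src"):
        if "'unsafe-inline'" in csp.get(directive, []):
            findings.append(f"csp: {directive} allows 'unsafe-inline'")
    if "set-cookie" in headers:  # the config above unsets Set-Cookie
        findings.append("set-cookie present although cookies are disabled")
    return findings

# Constructed sample response mirroring the headers the .htaccess above emits.
SAMPLE = ("HTTP/1.1 200 OK\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\n"
          "Referrer-Policy: strict-origin-when-cross-origin\r\n"
          "Strict-Transport-Security: max-age=63072000; includeSubDomains\r\n"
          "Content-Security-Policy: default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'\r\n"
          "\r\n<html></html>")
```

Run `audit(parse_raw_response(SAMPLE))` to see the findings; feeding it the header block of a real response from your own server (for example captured with curl -i) works the same way.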