From 8b823276d45048e7d319ada3aaa2a8f6f5a65973 Mon Sep 17 00:00:00 2001 From: samuel-p Date: Wed, 18 Dec 2019 21:44:37 +0100 Subject: [PATCH] removed .htaccess updated README.md --- README.md | 16 +++++++++++++++- src/.htaccess | 6 ------ 2 files changed, 15 insertions(+), 7 deletions(-) delete mode 100644 src/.htaccess diff --git a/README.md b/README.md index cc7668d..04e7799 100644 --- a/README.md +++ b/README.md @@ -5,4 +5,18 @@ Website for samuel-philipp.de [GitHub](https://github.com/samuel-p/samuel-philipp.de) -[GitLab](https://gitlab.com/samuel-p/samuel-philipp.de) \ No newline at end of file +[GitLab](https://gitlab.com/samuel-p/samuel-philipp.de) + +## Additional Header Parameters + +The following Parameters are set directly on the Web-Server. + +``` +Content-Security-Policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; font-src 'self' +Strict-Transport-Security: max-age=63072000; includeSubdomains; preload +X-Content-Type-Options: nosniff +X-Frame-Options: DENY +X-XSS-Protection: 1; mode=block +``` + +There is also a `301` Redirect from http to https. \ No newline at end of file diff --git a/src/.htaccess b/src/.htaccess deleted file mode 100644 index 1220650..0000000 --- a/src/.htaccess +++ /dev/null @@ -1,6 +0,0 @@ -RewriteEngine On - -Header always set "Content-Security-Policy" "default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'" - -RewriteCond %{HTTPS} off -RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]