Mod_gzip_item_include mime ^application/x-font-woff.* Mod_gzip_item_include mime ^application/x-javascript.* Mod_gzip_item_include file \.(html?|txt|css|js|php|pl)$ Архивирование использованием mod_gzip.cĪddOutputFilterByType DEFLATE text/html text/plain text/xml application/xml application/xhtml+xml text/css text/javascript application/javascript application/x-javascript Header always edit* Set-Cookie ( \s?) ^route=common/home$ Strip off double Secure or HttpOnly settings as if App and Apache sets above you can sometimes get both Header always edit Set-Cookie (.*) "$1 HttpOnly Secure" Header set X-Content-Type-Options nosniff Header set X-Content-Security-Policy "allow 'self' " Only allow JavaScript from the same domain to be run // Don't allow inline JavaScript to run. Header set X-XSS-Protection "1 mode=block" Don't allow any pages to be framed - Defends against CSRF Header set X-Permitted-Cross-Domain-Policies "none" Header set Strict-Transport-Security "max-age=31536000 includeSubDomains preload" env=HTTPS Header set X-Powered-By "tm by ©clevergod"
SetEnvIf user-agent "libwww-perl" stayout=1 SetEnvIf user-agent "Indy Library" stayout=1
0 kommentar(er)
