.htaccess


1
2
3
4
5
6
7

<IfModule mod_headers.c>
  Header set X-Content-Type-Options "nosniff"
  Header set Referrer-Policy "strict-origin-when-cross-origin"
  Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
  Header set Permissions-Policy "geolocation=(), microphone=(), camera=(), payment=(), usb=()"
  Header set Content-Security-Policy "default-src 'self'; base-uri 'self'; connect-src 'self' https://blog.sillylaird.ca; frame-src 'self' https://guestbook.sillylaird.ca https://changelog.sillylaird.ca https://www.youtube.com https://www.msn.com; img-src 'self' https: data:; media-src 'self' https://uploads.sillylaird.ca; script-src 'self'; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; form-action 'self' https://www.google.com https://www.google.ca; object-src 'none'"
</IfModule>