All in avec ça! Tu passes à l'aise le https://observatory.mozilla.org/ 
# X-Frame-Options Protect against page-framing and click-jacking
Header always append X-Frame-Options SAMEORIGIN
# X-Content-Type nosniff
Header set X-Content-Type-Options nosniff
#HSTS Header
Header set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
#CSP
Header add Content-Security-Policy "default-src 'self'; form-action 'self'; base-uri 'self'; frame-ancestors 'self'; frame-src 'self' https://mon.site.fr;"
securite_headers_et_fichier_htaccess.txt · Dernière modification : 2023/08/23 19:28 de siick