set headers for orat
authorsambufe <samuel.bufe@publicispixelpark.de>
Fri, 10 Mar 2017 14:40:15 +0000 (15:40 +0100)
committersambufe <samuel.bufe@publicispixelpark.de>
Fri, 10 Mar 2017 14:40:15 +0000 (15:40 +0100)
customer/fbb-orat/dev01-orat-berlin-airport-de.pixelpark.net.yaml
customer/fbb-orat/production.yaml
customer/fbb-orat/test.yaml

index 61ea9c925b923aef25c7bebfe7182ea3db948cfd..db52af3abb643d6e8a7891ee68afc13d42572068 100644 (file)
@@ -47,7 +47,14 @@ site::profile::wordpress::projects:
         rewrite_rule:
           - ^(.*)$ https://%%{ich-trickse}{HTTP_HOST}$1 [R=301,L]
     headers:
-      - "set Content-Security-Policy: \"default-src 'self'; img-src 'self' *.fbcdn.net secure.gravatar.com *.google-analytics.com *.facebook.com www.google.com www.youtube.com *.doubleclick.net data:; font-src 'self' fonts.gstatic.com data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.addthis.com *.addthisedge.com *.google-analytics.com *.facebook.com www.google.com www.youtube.com *.doubleclick.net; child-src 'self'; frame-ancestors 'self';\""
+      - 'always unset "X-Powered-By"'
+      - 'set X-Content-Type-Options: nosniff'
+      - 'set X-XSS-Protection: "1; mode=block"'
+      - 'set X-Frame-Options: sameorigin'
+      - 'set Cache-Control "private, no-cache, no-store, must-revalidate, max-age=0"'
+      - 'set Pragma "no-cache"'
+      - 'set Expires 0'
+      - "set Content-Security-Policy: \"default-src 'self' www.youtube.com; img-src 'self' *.fbcdn.net secure.gravatar.com *.google-analytics.com *.facebook.com www.google.com www.youtube.com *.doubleclick.net data:; font-src 'self' fonts.gstatic.com data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.addthis.com *.addthisedge.com *.google-analytics.com *.facebook.com www.google.com www.youtube.com *.doubleclick.net; child-src 'self' *.facebook.com; frame-ancestors 'self';\""
 
 #orat db user password
 db_password: ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAf1uHte9Li7dFlFGS/DIWd4eBvrzTZCziWALTIv3mMq5x6Ym7vdmp8QIJNN9v/gPPnlRv9wav0iKxOo/rFfe/fv+qKgc1VXdc39wFPHO1cTvSBp/ra/5qoTfuoJsjgo97C5vrRzLqY6X4W4fjHwWdUQeKVaB0BrbexOgII0FzYPdCFKCpkbP8TKs6Yd16IUxhLC8aKW/b8VEn1TWHZ1Ulr/+6WPEdoSa5HzuWT6J9C9cKvSoqA9ZmaNmQYB4kcBjvu9g52scIaxG8AKWS5dcSK5yOiusCCeMGShxfx2qAMGHgI4ICPxvR9xes9mBiLsZdqH7ei9n+15fkBFxJvOdDkjBMBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBAR7PgSN/JuTkP2O9o9psoVgCCIhd/wB7KKeWAq7yDnqEmlMer1QdCZElj01jUz6HrOtQ==]
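Review bot: The new Content-Security-Policy entry adds `'unsafe-eval'` to `script-src` next to the existing `'unsafe-inline'`, so the policy no longer restricts inline script or eval-style string execution; the same line is added in the production.yaml and test.yaml hunks. If a specific plugin needs eval, record that in a comment above the entry, e.g. `# 'unsafe-eval' needed by <plugin name>; remove once fixed`, and consider trialling the policy with `Content-Security-Policy-Report-Only` before enforcing it. Adding `www.youtube.com` to `default-src` probably does not enable YouTube embeds, because `child-src 'self' *.facebook.com` is set explicitly and takes precedence for frames; if embeds are the goal, the host likely belongs in `child-src` rather than in the fallback for every other directive. An explicit `object-src 'none'` would also stop plugin content from inheriting the widened `default-src`.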
index 490f554c76062d6f7310414ed052264d72dc5db3..cdc477e5a67a8f72aee5ba34e75ee97832f3749a 100644 (file)
@@ -40,6 +40,10 @@ site::profile::wordpress::projects:
       - 'set X-Content-Type-Options: nosniff'
       - 'set X-XSS-Protection: "1; mode=block"'
       - 'set X-Frame-Options: sameorigin'
+      - 'set Cache-Control "private, no-cache, no-store, must-revalidate, max-age=0"'
+      - 'set Pragma "no-cache"'
+      - 'set Expires 0'
+      - "set Content-Security-Policy: \"default-src 'self' www.youtube.com; img-src 'self' *.fbcdn.net secure.gravatar.com *.google-analytics.com *.facebook.com www.google.com www.youtube.com *.doubleclick.net data:; font-src 'self' fonts.gstatic.com data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.addthis.com *.addthisedge.com *.google-analytics.com *.facebook.com www.google.com www.youtube.com *.doubleclick.net; child-src 'self' *.facebook.com; frame-ancestors 'self';\""
     directories:
       - provider: location
         path: '/wp-admin/'
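Review bot: The entries added here use plain `set`, so, assuming this list is rendered into Apache `Header` directives, they are applied only to successful responses and will be missing from server-generated error pages and redirects. For the security-relevant ones, the `always` condition covers those responses as well, e.g. `- "always set Content-Security-Policy: ..."`. The dev01 hunk already uses `always` for the `X-Powered-By` unset, and the test.yaml hunk adds the same plain `set` lines. The header names are also written inconsistently (`X-Frame-Options:` with a trailing colon, `Cache-Control` without); picking one form would make the list easier to scan.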
index 178113098b6f2611de836a7015633fdb94ffecd2..c47d678fbef4d9b18938cd3ed5d1a8957def75e3 100644 (file)
@@ -50,9 +50,10 @@ site::profile::wordpress::projects:
       - 'set X-Content-Type-Options: nosniff'
       - 'set X-XSS-Protection: "1; mode=block"'
       - 'set X-Frame-Options: sameorigin'
-#      - 'set Cache-Control "private, no-cache, no-store, must-revalidate, max-age=0"'
-#      - 'set Pragma "no-cache"'
-#      - 'set Expires 0'
+      - 'set Cache-Control "private, no-cache, no-store, must-revalidate, max-age=0"'
+      - 'set Pragma "no-cache"'
+      - 'set Expires 0'
+      - "set Content-Security-Policy: \"default-src 'self' www.youtube.com; img-src 'self' *.fbcdn.net secure.gravatar.com *.google-analytics.com *.facebook.com www.google.com www.youtube.com *.doubleclick.net data:; font-src 'self' fonts.gstatic.com data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.addthis.com *.addthisedge.com *.google-analytics.com *.facebook.com www.google.com www.youtube.com *.doubleclick.net; child-src 'self' *.facebook.com; frame-ancestors 'self';\""
     directories:
       - provider: location
         path: '/wp-admin/'
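Review bot: Uncommenting `Cache-Control`, `Pragma` and `Expires` at this level makes every response from the vhost uncacheable, static assets included, and nothing in the hunk says why they were disabled before or why they are enabled now. If the aim is to keep authenticated pages out of browser and proxy caches, the headers could be scoped to the dynamic paths instead, for example under the existing `directories` location entries (hedged: whether the profile supports per-location headers is not visible here). At minimum, a comment above the three lines stating the intent, such as `# no-store for all responses: <reason>`, would stop them from being commented out again. The production.yaml hunk adds the same three lines.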