| Line 289... |
Line 289... |
| 289 |
# Prevent browsers from incorrectly detecting non-scripts as scripts
|
289 |
# Prevent browsers from incorrectly detecting non-scripts as scripts
|
| 290 |
Header always set X-Content-Type-Options nosniff
|
290 |
Header always set X-Content-Type-Options nosniff
|
| 291 |
# Cors
|
291 |
# Cors
|
| 292 |
Header always set Access-Control-Allow-Origin "*"
|
292 |
Header always set Access-Control-Allow-Origin "*"
|
| 293 |
# Disable unsafe inline/eval, only allow loading of resources (images, fonts, scripts, etc.) over https
|
293 |
# Disable unsafe inline/eval, only allow loading of resources (images, fonts, scripts, etc.) over https
|
| 294 |
Header always set Content-Security-Policy "default-src 'none'; frame-src https://googleads.g.doubleclick.net; img-src 'self' https://rover.ebay.com https://thumbs1.ebaystatic.com https://thumbs2.ebaystatic.com https://thumbs3.ebaystatic.com https://thumbs4.ebaystatic.com; script-src 'self' 'unsafe-inline' https://epnt.ebay.com/static/epn-smart-tools.js https://adservice.google.com/adsid/integrator.js https://ajax.googleapis.com/ajax/libs/jquery/3.4.0/jquery.min.js https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js https://maxcdn.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js https://pagead2.googlesyndication.com/pagead/js/r20190415/r20190131/show_ads_impl.js https://pagead2.googlesyndication.com/pub-config/r20160913/ca-pub-8487504570542589.js https://www.findcheapmusic.com/js/adsbygoogle.js https://www.findcheapmusic.com/js/googleads.js https://www.googletagmanager.com/gtag/js https://www.findcheapmusic.com/js/tooltip.js https://www.googletagservices.com/activeview/js/current/osd.js; style-src 'unsafe-inline' https://maxcdn.bootstrapcdn.com/bootstrap/4.3.1/css/ https://www.findcheapmusic.com/css/;frame-ancestors 'self'"
|
294 |
Header always set Content-Security-Policy "default-src 'none'; frame-src https://googleads.g.doubleclick.net; img-src 'self' https://rover.ebay.com https://thumbs1.ebaystatic.com https://thumbs2.ebaystatic.com https://thumbs3.ebaystatic.com https://thumbs4.ebaystatic.com; script-src 'self' 'unsafe-inline' https://epnt.ebay.com/static/epn-smart-tools.js https://adservice.google.com/adsid/integrator.js https://ajax.googleapis.com/ajax/libs/jquery/3.4.0/jquery.min.js https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js https://maxcdn.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js https://pagead2.googlesyndication.com/pagead/js/r20190415/r20190131/show_ads_impl.js https://pagead2.googlesyndication.com/pub-config/r20160913/ca-pub-8487504570542589.js https://www.findcheapmusic.com/js/adsbygoogle.js https://www.findcheapmusic.com/js/googleads.js https://www.googletagmanager.com/gtag/js https://www.findcheapmusic.com/js/tooltip.js https://www.findcheapmusic.com/js/disableSubmit.js https://www.googletagservices.com/activeview/js/current/osd.js; style-src 'unsafe-inline' https://maxcdn.bootstrapcdn.com/bootstrap/4.3.1/css/ https://www.findcheapmusic.com/css/;frame-ancestors 'self'"
|
| 295 |
# Disable referrers for browsers that don't support strict-origin-when-cross-origin; Uses strict-origin-when-cross-origin for browsers that do
|
295 |
# Disable referrers for browsers that don't support strict-origin-when-cross-origin; Uses strict-origin-when-cross-origin for browsers that do
|
| 296 |
Header always set Referrer-Policy "no-referrer"
|
296 |
Header always set Referrer-Policy "no-referrer"
|
| 297 |
# Only allow my site to frame itself
|
297 |
# Only allow my site to frame itself
|
| 298 |
#add above# Header always add Content-Security-Policy "frame-ancestors 'self'"
|
298 |
#add above# Header always add Content-Security-Policy "frame-ancestors 'self'"
|
| 299 |
Header always set X-Frame-Options SAMEORIGIN
|
299 |
Header always set X-Frame-Options SAMEORIGIN
|
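Review bot: The `script-src` list on new line 294 still carries `'unsafe-inline'`, so adding `https://www.findcheapmusic.com/js/disableSubmit.js` to the allowlist does not constrain inline script: an injected `<script>` block or event-handler attribute runs regardless of the per-URL entries. The comment on line 293 says "Disable unsafe inline/eval", which holds for eval but not for inline script or style. Until that is fixed it should read something like `# Block eval; allowlist https sources (inline script/style still allowed via 'unsafe-inline')`. If moving this handler into disableSubmit.js removed the last inline script on the site (not visible from this hunk), drop `'unsafe-inline'` from `script-src` in the same change. Otherwise replace it with per-script hashes or a nonce, so the allowlist is actually enforced.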