| Line 293... |
Line 293... |
| 293 |
# Prevent browsers from incorrectly detecting non-scripts as scripts
|
293 |
# Prevent browsers from incorrectly detecting non-scripts as scripts
|
| 294 |
Header always set X-Content-Type-Options nosniff
|
294 |
Header always set X-Content-Type-Options nosniff
|
| 295 |
# Cors
|
295 |
# Cors
|
| 296 |
Header always set Access-Control-Allow-Origin "*"
|
296 |
Header always set Access-Control-Allow-Origin "*"
|
| 297 |
# Disable unsafe inline/eval, only allow loading of resources (images, fonts, scripts, etc.) over https
|
297 |
# Disable unsafe inline/eval, only allow loading of resources (images, fonts, scripts, etc.) over https
|
| 298 |
Header always set Content-Security-Policy "default-src 'none'; connect-src 'self'; font-src data: https://fonts.gstatic.com https://use.fontawesome.com; form-action 'self'; frame-src https://www.google.com; img-src 'self' data: http://abs.twimg.com https://abs.twimg.com https://i5.walmartimages.com https://images.samash.com https://img.discogs.com https://lh4.googleusercontent.com https://thumbs1.ebaystatic.com https://thumbs2.ebaystatic.com https://thumbs3.ebaystatic.com https://thumbs4.ebaystatic.com https://www.fye.com https://www.musicnotes.com https://www.secondspin.com https://platform-lookaside.fbsbx.com https://ad.linksynergy.com https://www.lduhtrp.net https://i5.wal.co https://cj.dotomi.com https://www.awltovhc.com https://www.ftjcfx.com https://www.tqlkg.com https://www.emjcd.com https://www.yceml.net https://beacon.affil.walmart.com https://assets.sheetmusicplus.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com/ajax/libs/jquery/3.4.0/jquery.min.js https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js https://maxcdn.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://maxcdn.bootstrapcdn.com/bootstrap/4.3.1/css/ https://use.fontawesome.com/releases/v5.8.1/css/;frame-ancestors 'self'"
|
298 |
Header always set Content-Security-Policy "default-src 'none'; connect-src 'self'; font-src data: https://fonts.gstatic.com https://use.fontawesome.com; form-action 'self'; frame-src https://www.google.com; img-src 'self' data: http://abs.twimg.com https://abs.twimg.com https://i5.walmartimages.com https://images.samash.com https://img.discogs.com https://lh4.googleusercontent.com https://thumbs1.ebaystatic.com https://thumbs2.ebaystatic.com https://thumbs3.ebaystatic.com https://thumbs4.ebaystatic.com https://www.fye.com https://www.musicnotes.com https://www.secondspin.com https://platform-lookaside.fbsbx.com https://ad.linksynergy.com https://www.lduhtrp.net https://i5.wal.co https://cj.dotomi.com https://www.awltovhc.com https://www.ftjcfx.com https://www.tqlkg.com https://www.emjcd.com https://www.yceml.net https://beacon.affil.walmart.com https://assets.sheetmusicplus.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com/ajax/libs/jquery/3.4.0/jquery.min.js https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js https://maxcdn.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ssl.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://maxcdn.bootstrapcdn.com/bootstrap/4.3.1/css/ https://use.fontawesome.com/releases/v5.8.1/css/;frame-ancestors 'self'"
|
| 299 |
# Disable referrers for browsers that don't support strict-origin-when-cross-origin; Uses strict-origin-when-cross-origin for browsers that do
|
299 |
# Disable referrers for browsers that don't support strict-origin-when-cross-origin; Uses strict-origin-when-cross-origin for browsers that do
|
| 300 |
Header always set Referrer-Policy "no-referrer"
|
300 |
Header always set Referrer-Policy "no-referrer"
|
| 301 |
# Only allow my site to frame itself
|
301 |
# Only allow my site to frame itself
|
| 302 |
#add above# Header always add Content-Security-Policy "frame-ancestors 'self'"
|
302 |
#add above# Header always add Content-Security-Policy "frame-ancestors 'self'"
|
| 303 |
Header always set X-Frame-Options SAMEORIGIN
|
303 |
Header always set X-Frame-Options SAMEORIGIN
|