Bonjour, auriez-vous d'autres idées pour mettre toutes les sécurités nécessaires dans le htaccess ?
Je vérifie avec ce site: https://securityheaders.com/
Pour le moment j'ai mis celles-ci... Merci de vos avis
# Security Headers
<IfModule mod_headers.c>
Header set X-Content-Type-Options "nosniff"
Header set X-XSS-Protection "1; mode=block"
Header set X-Frame-Options "SAMEORIGIN"
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
Header always set Referrer-Policy "strict-origin-when-cross-origin" Header set Expect-CT "enforce, max-age=604800"
#Header set Content-Security-Policy "default-src script-src script-src 'nonce-uG2bsk6JIH923nsvp01n24KE' 'unsafe-inline' 'unsafe-eval' 'self';" Header always set Permissions-Policy "accelerometer=(self); ambient-light-sensor=(self); autoplay=(self); camera=(self); encrypted-media=(self); fullscreen=(self); geolocation=(self); gyroscope=(self); magnetometer=(self); microphone=(self); midi=(self); payment=(self); picture-in-picture=(*); speaker=(self); sync-xhr=(*); usb=(self); vr=(self);" Header always edit Set-Cookie (.*) "$1; HTTPOnly; Secure" Header set Connection keep-alive
</IfModule>