diff --git a/.htaccess b/.htaccess
new file mode 100644
index 0000000..80e1916
--- /dev/null
+++ b/.htaccess
@@ -0,0 +1,41 @@
+# Set redirect to non www
+# ------------------------------------------------------------------------------
+RewriteEngine On
+RewriteBase /
+
+RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
+RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
+
+RewriteCond %{HTTPS} !=on
+RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
+
+# HTTP Security Header
+# ------------------------------------------------------------------------------
+AddCharset UTF-8 .html
+Header always set Strict-Transport-Security: max-age=63072000
+Header always set X-Content-Type-Options nosniff
+Header always set X-Frame-Options "DENY"
+Header always set X-XSS-Protection "1; mode=block"
+Header always set X-Robots-Tag none
+Header always set Referrer-Policy "same-origin"
+Header always set Expect-CT "enforce, max-age=21600"
+Header always set Content-Security-Policy "default-src 'none'; img-src 'self'; style-src 'self'; font-src 'self'; base-uri 'none'; require-trusted-types-for 'script'; frame-ancestors 'none'; form-action 'self'; block-all-mixed-content"
+Header always set Feature-Policy "geolocation 'none'; midi 'none'; camera 'none'; usb 'none'; magnetometer 'none'; accelerometer 'none'; vr 'none'; speaker 'none'; ambient-light-sensor 'none'; gyroscope 'none'; microphone 'none'"
+
+# Set browser caching
+# ------------------------------------------------------------------------------
+
+ExpiresActive On
+ExpiresByType image/jpg "access 1 year"
+ExpiresByType image/jpeg "access 1 year"
+ExpiresByType image/gif "access 1 year"
+ExpiresByType image/png "access 1 year"
+ExpiresByType text/css "access 1 month"
+ExpiresByType text/html "access 1 month"
+ExpiresByType application/pdf "access 1 month"
+ExpiresByType text/x-javascript "access 1 month"
+ExpiresByType application/x-shockwave-flash "access 1 month"
+ExpiresByType image/x-icon "access 1 year"
+ExpiresDefault "access 1 month"
+
+# End caching block
\ No newline at end of file
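Review bot: Three headers in the security block no longer deliver what the block intends: `X-XSS-Protection "1; mode=block"` addresses an XSS auditor that current browsers have removed, `Expect-CT` is deprecated, and `Feature-Policy` has been superseded by `Permissions-Policy`. I would send `Header always set X-XSS-Protection "0"` (or drop the line), remove the `Expect-CT` line, and add `Header always set Permissions-Policy "geolocation=(), camera=(), microphone=()"` extended with the other features already listed. Separately, both redirects build the `Location` from the client-supplied Host (`%1` and `%{HTTP_HOST}`). If this virtual host can also answer for unexpected host names, which the diff does not show, writing the canonical host literally in the `RewriteRule` targets keeps the redirect from echoing whatever host the request claimed.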
diff --git a/_config.yaml b/_config.yaml index ef48174..631920e 100644 --- a/_config.yaml +++ b/_config.yaml @@ -10,6 +10,8 @@ url: "https://www.nicojensen.de" # Build settings markdown: kramdown +include: ['.htaccess'] + exclude: - vendor - source # Don't include the original photos directory
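Review bot: The `url` visible in this hunk's header context is `https://www.nicojensen.de`, while the `.htaccess` that this `include` ships redirects every `www.` request to the bare domain, so absolute links generated from `url` would each go through a 301. Pointing `url` at the non-www origin would keep the canonical address and the redirect consistent. A short comment above the new line, such as `# dotfiles are skipped by default; ship .htaccess so the redirects and security headers are deployed`, would also explain why the entry exists.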