Johan Bové

My Known "Content-Security-Policy" htaccess configuration

My current Known .htaccess Content-Security-Policy is full of tool URLs.


<IfModule mod_headers.c>
    # Standard header. Each value must end with its closing double quote.
    # In worker-src, "https:" (with the colon) is a scheme source; a bare "https" is parsed as a host name.
    Header set Content-Security-Policy: "default-src 'self'; frame-ancestors 'self' https://www.youtube-nocookie.com https://player.vimeo.com; base-uri 'self'; form-action 'self' https://www.brid.gy https://indieauth.com/ https://monocle.p3k.io/ https://aperture.p3k.io https://indigenous.abode.pub https://alltogethernow.io https://quill.p3k.io; script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https: data:; media-src *; worker-src 'self' https:; font-src *; connect-src 'self'; frame-src 'self' https://www.youtube-nocookie.com https://player.vimeo.com;"
    # Legacy prefixed header names, only read by old browser versions.
    Header set X-Content-Security-Policy: "default-src 'self'; frame-ancestors 'self' https://www.youtube-nocookie.com https://player.vimeo.com; base-uri 'self'; form-action 'self' https://www.brid.gy https://indieauth.com/ https://monocle.p3k.io/ https://aperture.p3k.io https://indigenous.abode.pub https://alltogethernow.io https://quill.p3k.io; script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https: data:; media-src *; worker-src 'self' https:; font-src *; connect-src 'self'; frame-src 'self' https://www.youtube-nocookie.com https://player.vimeo.com;"
    Header set X-WebKit-CSP: "default-src 'self'; frame-ancestors 'self' https://www.youtube-nocookie.com https://player.vimeo.com; base-uri 'self'; form-action 'self' https://www.brid.gy https://indieauth.com/ https://monocle.p3k.io/ https://aperture.p3k.io https://indigenous.abode.pub https://alltogethernow.io https://quill.p3k.io; script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https: data:; media-src https:; worker-src 'self' https:; font-src *; connect-src 'self'; frame-src 'self' https://www.youtube-nocookie.com https://player.vimeo.com;"
</IfModule>
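
The three header values above are maintained by hand and differ in media-src. As an added example (not part of the original post), this Python code parses CSP values, flags risky or malformed sources, and reports directives that differ between header copies; the function names and the shortened sample policy are constructed for illustration.

```python
# Added example, not from the original post: audit CSP values and compare header copies.
SCHEMES = {"http", "https", "data", "blob", "ws", "wss"}

def parse_csp(policy):
    """Split a policy into {directive: [sources]}; the first occurrence of a directive wins."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens and tokens[0].lower() not in directives:
            directives[tokens[0].lower()] = tokens[1:]
    return directives

def audit(policy):
    """Return sorted (directive, source, reason) findings for one policy."""
    findings = []
    for name, sources in parse_csp(policy).items():
        for src in sources:
            if src.lower() in SCHEMES:
                findings.append((name, src, "scheme source is missing ':' and is parsed as a host"))
            elif name == "script-src" and src in ("'unsafe-inline'", "'unsafe-eval'"):
                findings.append((name, src, "weakens protection against script injection"))
            elif src == "*":
                findings.append((name, src, "wildcard allows any host"))
    return sorted(findings)

def drift(policies):
    """Return the directives whose source lists differ between header copies."""
    parsed = [parse_csp(p) for p in policies.values()]
    names = set().union(*parsed)
    return sorted(n for n in names if len({tuple(d.get(n, ())) for d in parsed}) > 1)

# Constructed sample: a shortened policy modelled on the one above, with a bare "https".
BASE = ("default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; "
        "object-src 'none'; media-src *; worker-src 'self' https; font-src *")
HEADERS = {
    "Content-Security-Policy": BASE,
    "X-Content-Security-Policy": BASE,
    "X-WebKit-CSP": BASE.replace("media-src *", "media-src https:"),
}

if __name__ == "__main__":
    for finding in audit(BASE):
        print(finding)
    print("directives that differ between headers:", drift(HEADERS))
```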