add Feature-Policy

zero-24 · web-flow · commit d2d1ed10b2e9 · 2020-03-29T21:06:51.000+02:00
diff --git a/.htaccess b/.htaccess
@@ -35,6 +35,8 @@ Options -Indexes
 	Header always set Referrer-Policy "no-referrer-when-downgrade"
 	# Strict-Transport-Security
 	Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
+	# Feature-Policy
+	Header always set Feature-Policy "accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'"
 	# Content-Security-Policy-Report-Only
 	Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'sha256-Y+JFTL90/cEj85vhT3eNtky5NhB/ynGgqp+b7/ec1EU=' 'sha256-jWUL8SPRc6RLWm6Dsgi/j3WazpOVqhUkSV7lQ1CglJg=' 'sha256-/5E6zLxPOzxAM09WN5S/OLOYujyVqNqh2O8TYfHyWGE=' 'sha256-IdGCicCStclh9gcSb3HOLfSv+uYUeKV7MLAn0YH7mJw=' 'sha256-IxJ2MRv31XGmZD5ovlgSBrPmMjftYTJ3OM9/kLh6nBo=' 'sha256-+y2wQhqV7KpN4dzJayfCPBs1WdU7HViVHWrrkFYD5bg=' https://*.google-analytics.com https://netdna.bootstrapcdn.com https://www.googletagmanager.com https://*.googleapis.com https://www.gstatic.com https://code.jquery.com https://cdnjs.cloudflare.com https://*.pingdom.net; style-src 'self' 'sha256-1YvJdQQmg6uOVTYYFv7RZlsdSxEYBbG0Z1Fo7pFmcOQ=' 'sha256-uOtB/8JkT+/L0LDZlxc42nzI/dqQ+q0S/TComR30jHk=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' https://*.joomla.org https://fonts.googleapis.com; connect-src 'self' https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com; frame-src 'self' https://www.google.com https://*.googletagmanager.com; font-src 'self' https://fonts.gstatic.com https://netdna.bootstrapcdn.com https://*.joomla.org; img-src 'self' https://*.google-analytics.com https://*.googletagmanager.com https://*.joomla.org https://*.pingdom.net https://*.doubleclick.net; report-uri https://joomla.report-uri.com/r/t/csp/enforce"
 
