# DO NOT REMOVE. CLOUDLINUX PASSENGER CONFIGURATION BEGIN
PassengerAppRoot "/home/kelukart/public_html/digisave/api"
PassengerBaseURI "/."
PassengerPython "/home/kelukart/virtualenv/public__html_digisave_api/3.5/bin/python3.5"
# DO NOT REMOVE. CLOUDLINUX PASSENGER CONFIGURATION END
# The section above is tool-managed (see its markers); change it through the
# hosting panel rather than by hand. It points Passenger at the application
# directory and at the virtualenv interpreter that runs it.
# NOTE(review): PassengerAppRoot is inside public_html. Confirm that source
# files, configuration and secrets in that directory cannot be fetched directly
# over HTTP, or move the application root outside the document root.
# NOTE(review): the interpreter is Python 3.5, which no longer receives upstream
# security fixes; plan a move to a supported version.


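# BEGIN Security and content-negotiation headers
# (Formerly labelled "Cache-Control Headers"; no Cache-Control header is set here.)
<IfModule mod_headers.c>

    # Stop advertising the application runtime (PHP, ASP.NET, ...). This only
    # reduces fingerprinting; it does not replace patching.
    Header always unset X-Powered-By

    # Append HttpOnly to every cookie so page scripts cannot read it.
    # NOTE(review): the pattern appends the flag even when it is already present
    # and adds neither Secure nor SameSite. "always" edits only the always
    # header table; cookies emitted by the Passenger application on a normal
    # response may live in the onsuccess table. Verify against a real response
    # and prefer setting the flags in the application itself.
    Header always edit Set-Cookie (.*) "$1; HTTPOnly"

    # NOTE(review): httpd normally adds the Server header after mod_headers has
    # run, so this line typically has no effect. The banner is controlled by
    # ServerTokens in the main server configuration.
    Header always unset Server

    # Default charset for text responses
    AddDefaultCharset UTF-8
    # Content language for these file types; change it to suit the site
    AddLanguage en-gb .html .htm .css .js
    # Charset for feed, script and data file types
    AddCharset utf-8 .atom .css .js .json .rss .vtt .xml

    # Drop the Range header when it lists more than 5 ranges (CVE-2011-3192).
    # Request-Range is the legacy spelling of the same header and is dropped
    # unconditionally. Patched httpd releases handle this in core; the
    # workaround is kept as defence in depth.
    SetEnvIf Range (,.*?){5,} bad-range=1
    RequestHeader unset Range env=bad-range
    RequestHeader unset Request-Range

    # Request body size limit in bytes, 0-2147483647 (2 GB).
    # NOTE(review): the value below is the maximum the directive accepts, so it
    # gives no practical protection against oversized uploads. Set it to the
    # largest body the API actually needs to accept.
    LimitRequestBody 2147483647

    # ServerSignature is a core directive, not a response header. The previous
    # "Header set ServerSignature" line only sent a meaningless header.
    ServerSignature Off
    # ServerTokens is valid only in the main server configuration and cannot be
    # used in a per-directory file. Set "ServerTokens Prod" there. The previous
    # "Header always set ServerTokens" line had no effect on the banner and has
    # been removed.

    # Forbid framing of these responses (clickjacking defence)
    Header always set X-Frame-Options DENY
    # NOTE(review): current browsers have removed the legacy XSS filter, so this
    # header has no effect there. The Content-Security-Policy is the effective control.
    Header always set X-XSS-Protection "1; mode=block"
    # Stop browsers from MIME-sniffing a response away from its declared type
    Header always set X-Content-Type-Options "nosniff"
    # Send only the origin as referrer on cross-origin requests
    Header always set Referrer-Policy "strict-origin-when-cross-origin"

    # NOTE(review): this policy allows any host (*) together with 'unsafe-inline'
    # and 'unsafe-eval' for scripts, so it offers little mitigation against
    # script injection. Replace the wildcards with the origins the application
    # actually loads from, and move inline scripts to nonces or hashes.
    Header always set Content-Security-Policy "default-src 'self' *; img-src 'self' * data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; font-src * data: https:; style-src 'self' 'unsafe-inline' *; frame-src 'self' *;"

    # Control cross-domain policy files (Flash / PDF clients)
    Header always set X-Permitted-Cross-Domain-Policies "master-only"

    # HSTS, sent only when the HTTPS environment variable is set.
    # NOTE(review): max-age is 10886400 s (126 days). The browser preload list
    # requires at least 31536000 s, so "preload" is not honoured as written.
    # Raise max-age or drop the token. Also confirm the header is present on a
    # real HTTPS response, since env=HTTPS depends on that variable being set.
    Header always set Strict-Transport-Security "max-age=10886400; includeSubDomains; preload" env=HTTPS

    # Make sure proxies deliver the correct variant per client
    Header append Vary User-Agent env=!dont-vary
    # Ensure proxies deliver compressed content correctly
    Header append Vary Accept-Encoding

</IfModule>
# END Security and content-negotiation headers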
