Options -indexes Header always set Content-Security-Policy "default-src 'none'; connect-src 'self' https://releases.grapheneos.org/; \ font-src 'self'; img-src 'self'; manifest-src 'self'; script-src 'self'; style-src 'self'; \ form-action 'none'; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none'; \ report-uri https://danielmicay.report-uri.com/r/d/csp/enforce" Header always set Feature-Policy "accelerometer 'none'; \ ambient-light-sensor 'none'; \ autoplay 'none'; \ battery 'none'; \ camera 'none'; \ display-capture 'none'; \ document-domain 'none'; \ encrypted-media 'none'; \ fullscreen 'none'; \ geolocation 'none'; \ gyroscope 'none'; \ magnetometer 'none'; \ microphone 'none'; \ midi 'none'; \ payment 'none'; \ picture-in-picture 'none'; \ speaker 'none'; \ sync-xhr 'none'; \ usb 'none'; \ wake-lock 'none'; \ xr-spatial-tracking 'none'" Header set Cache-Control "public, max-age=1800" Header set Cache-Control "public, max-age=86400" Header set Cache-Control "public, max-age=31536000" RedirectMatch 301 ^/security.txt$ /.well-known/security.txt RedirectMatch 301 ^/graphene.png$ /logo.png RedirectMatch 301 ^/pdfviewer_privacy_policy$ /pdfviewer-privacy-policy RedirectMatch 301 ^/safari_pinned_tab_icon.svg$ /mask-icon.svg RedirectMatch 301 ^/safari-pinned-tab-icon.svg$ /mask-icon.svg RedirectMatch 301 ^/bitcoin_address.png$ /bitcoin-address.png # http://www.twipu.com/GrapheneOS doesn't handle links with fragments properly RedirectMatch 301 "^/(.*) ForceType text/plain AddType application/manifest+json webmanifest AddType font/woff2 woff2 AddOutputFilterByType DEFLATE application/manifest+json AddOutputFilterByType DEFLATE application/javascript AddOutputFilterByType DEFLATE image/vnd.microsoft.icon AddOutputFilterByType DEFLATE image/svg+xml AddOutputFilterByType DEFLATE text/css AddOutputFilterByType DEFLATE text/html AddOutputFilterByType DEFLATE text/plain