ipbfuck
Posted October 2, 2015

OK, after some SSL tests and some other websites to test my server, I've seen this and I've found in it more reports to fix and improve my config: https://www.dareboost.com/en/home

    AddDefaultCharset UTF-8

    # Expires* directives are provided by mod_expires, not mod_headers
    <IfModule mod_expires.c>
        # Enable expirations
        ExpiresActive On
        # Default directive
        ExpiresDefault "access plus 1 month"
        # My favicon
        ExpiresByType image/x-icon "access plus 1 year"
        # Images
        ExpiresByType image/gif "access plus 1 month"
        ExpiresByType image/png "access plus 1 month"
        ExpiresByType image/jpg "access plus 1 month"
        ExpiresByType image/jpeg "access plus 1 month"
        # CSS
        ExpiresByType text/css "access 1 month"
        # Javascript
        ExpiresByType application/javascript "access plus 1 year"
    </IfModule>

    <IfModule mod_headers.c>
        # Header Security:
        Header set X-XSS-Protection "1; mode=block"
        Header always append X-Frame-Options SAMEORIGIN
        Header always set X-Content-Type-Options "nosniff"
        Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
        # KeepAlive
        Header set Connection keep-alive
    </IfModule>

From starting at a bad result of 56, now I have 77! IPB, atm, has 71.

Yes, I've also enabled gzip on the server and memcached + opcache (before, no cache), and added scripts before body! But now all seems to work fine and really best.

Does someone have any info on this? I also want to try to enable http://www.html5rocks.com/en/tutorials/security/content-security-policy/ but I'm not sure if it is a good idea with IPB.

ASTRAPI
Posted October 2, 2015

Using an .htaccess file will never get serious performance on your server and is the main reason to move to Nginx. Why? Just check: https://www.nginx.com/resources/wiki/start/topics/examples/likeapache-htaccess/

ipbfuck (Author)
Posted October 2, 2015

OK, but I don't have Nginx; because of that I want to try to improve my resources.

PS: I've also put this:

    # CSP:
    Header set Content-Security-Policy "default-src https:; connect-src https:; font-src https: data:; frame-src https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:;"

All works fine, but it is valid for an HTTPS setup (in other words, accept from all, but only if it is in HTTPS)!
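
An added example, not part of the original posts: a short Python audit of the Content-Security-Policy value quoted in the post above, showing which of its directives leave the policy without any script-injection mitigation. The function names and the finding wording are hypothetical; the checks follow standard CSP semantics (fallback to default-src, nonce or hash overriding 'unsafe-inline').

```python
# Added example: audit a Content-Security-Policy header value for weak sources.
SCHEME_ONLY = {"https:", "http:", "data:", "*"}
HASH_OR_NONCE = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")

# Policy value copied from the post above.
PAGE_POLICY = ("default-src https:; connect-src https:; font-src https: data:; "
               "frame-src https:; img-src https: data:; media-src https:; "
               "object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; "
               "style-src 'unsafe-inline' https:;")

def parse_csp(policy):
    """Return {directive: [sources]}; a repeated directive is ignored (first wins)."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens and tokens[0].lower() not in directives:
            directives[tokens[0].lower()] = tokens[1:]
    return directives

def audit_csp(policy):
    """Return a list of (directive, finding) tuples for script-related weaknesses."""
    d = parse_csp(policy)
    findings = []
    # script-src and object-src inherit default-src when they are absent.
    script = d.get("script-src", d.get("default-src"))
    obj = d.get("object-src", d.get("default-src"))
    if script is None:
        findings.append(("script-src", "no script restriction at all"))
        script = []
    # Browsers ignore 'unsafe-inline' once a nonce or hash source is present.
    strict = any(s.startswith(HASH_OR_NONCE) for s in script)
    if "'unsafe-inline'" in script and not strict:
        findings.append(("script-src", "'unsafe-inline' lets injected inline script run"))
    if "'unsafe-eval'" in script:
        findings.append(("script-src", "'unsafe-eval' permits eval() on strings"))
    wide = [s for s in script if s.lower() in SCHEME_ONLY]
    if wide:
        findings.append(("script-src", "scheme-only source %s allows any host" % wide[0]))
    if obj != ["'none'"]:
        findings.append(("object-src", "plugin content not disabled with 'none'"))
    # base-uri never falls back to default-src, so it must be set explicitly.
    if "base-uri" not in d:
        findings.append(("base-uri", "missing; <base> can redirect relative script URLs"))
    return findings

if __name__ == "__main__":
    for directive, finding in audit_csp(PAGE_POLICY):
        print(directive + ": " + finding)
```
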
Archived
This topic is now archived and is closed to further replies.