HSTS blocks googlebot - googlebot

<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
</ifModule>
Except google indexing has stopped since implementation. Does anyone have a work-around?

Related

htaccess multiple headers returning CORS mismatch

I've followed https://developer.mozilla.org/en-US/docs/Learn/Server-side/Apache_Configuration_htaccess#cross-origin_images and these stackoverflow answers Access-Control-Allow-Origin Multiple Origin Domains?
To try and get this to work nicely. But it's throwing a mismatch on some origins and some, it works as expected.
htaccess update
<IfModule mod_rewrite.c>
<IfModule mod_setenvif.c>
<IfModule mod_headers.c>
# Allowing fonts for specific origins on mtn domains and local testing
<FilesMatch "\.(ttf|otf|eot|woff|woff2)$">
SetEnvIf Origin "^http(s)?://(.+\.)?(fiddle\.jshell\.net|lab4\.onlinecms\.mtn\.co\.za|mtndecoupled\.lndo\.site:444|localhost:4200)$" AccessControlAllowOrigin=$0
Header add Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
Header set Access-Control-Allow-Credentials true
</FilesMatch>
</IfModule>
</IfModule>
</IfModule>
Screenshots of CORS error:
mtndecoupled.lndo.site:444 https://share.getcloudapp.com/geuA8QxY
lab4.onlinecms.mtn.co.za https://share.getcloudapp.com/Wnu0z94G
localhost:4200 https://share.getcloudapp.com/P8uGvzgx
jsfiddle https://jsfiddle.net/ft92z8c3/1
Edit
Error message in browser console:
CORS header 'Access-Control-Allow-Origin' does not match 'mtndecoupled.lndo.site:444'
Not sure if it's the module check or the set env regex. I'm hoping someone can give more information for this and how I can resolve it.
Appreciate any feedback.
Ok managed to fix this. Hope this might help someone else having this issue.
We are using Varnish cache and realised it was caching the first domain hit. So we updated the htaccess as:
<IfModule mod_rewrite.c>
<IfModule mod_setenvif.c>
<IfModule mod_headers.c>
# Disable caching
Header set Cache-Control "no-cache, no-store, must-revalidate"
Header set Pragma "no-cache"
Header set Expires 0
# Allowing fonts for specific origins on mtn domains and local testing
<FilesMatch "\.(ttf|otf|eot|woff|woff2)$">
<IfModule mod_expires.c>
ExpiresActive Off
</IfModule>
<IfModule mod_headers.c>
FileETag None
Header unset ETag
Header unset Pragma
Header unset Cache-Control
Header unset Last-Modified
Header set Pragma "no-cache"
Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
Header set Expires "Thu, 1 Jan 1970 00:00:00 GMT"
SetEnvIf Origin "^http(s)?://(.+\.)?(fiddle\.jshell\.net|lab4\.onlinecms\.mtn\.co\.za|mtndecoupled\.lndo\.site:444|localhost:4200)$" AccessControlAllowOrigin=$0
Header add Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
Header set Access-Control-Allow-Credentials true
</IfModule>
</FilesMatch>
</IfModule>
</IfModule>
</IfModule>

ErrorDocument - set no cache

I have an redirection when 404 is served with apache:
ErrorDocument 404 https://my404.com/image.jpg
# other rewrite rules that cannot be affected
How can I set no-cache header only when redirection above is applied?
From this answer How to prevent http file caching in Apache httpd (MAMP) put the folowing code at .htaccess file :
<filesMatch "image\.jpg$">
FileETag None
<ifModule mod_headers.c>
Header unset ETag
Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
Header set Pragma "no-cache"
Header set Expires "Wed, 11 Jan 1984 05:00:00 GMT"
</ifModule>
</filesMatch>

htaccess valid or not

i've a htaccess where i want to
- hide contents of folders -> this one ok
- redirection where we're in the wrong link -> this one is ok
- solve the problem of validator with the chrome meta -> this one i'm not sure
Here is my htacces, is it correct ?
options -indexes
ErrorDocument 404 /404/index.php
<FilesMatch "\.(htm|html|php)$">
<IfModule mod_headers.c>
BrowserMatch MSIE ie
Header set X-UA-Compatible "IE=Edge,chrome=1" env=ie
</IfModule>
</FilesMatch>

Vary Accept-Encoding header don't works

I added next lines in .htaccess, which I found here How to specify vary accept encoding header in htaccess
<IfModule mod_headers.c>
<FilesMatch "\.(js|css|xml|gz)$">
Header append Vary Accept-Encoding
</FilesMatch>
</IfModule>
but it isn't works, also I checked phpinfo (Loaded Modules: mod_headers...).
I use Page Speed plugin and I can't see this header in my css file.
Why it isn't works?
Maybe you want use this:
<IfModule mod_headers.c>
<FilesMatch "\.(js|css|xml|gz)$">
Header append Vary: Accept-Encoding
</FilesMatch>
</IfModule>
with semicolon
Add this one in .htaccess file ,it will work
<IfModule mod_headers.c>
<FilesMatch ".(js|css|xml|gz|html)$">
Header append Vary: Accept-Encoding
</FilesMatch>
</IfModule>
If the other examples doesn't work, try this:
<IfModule mod_headers.c>
Header set Vary "Accept-Encoding"
</IfModule>

.htaccess 500 internal server error when set ExpiresActive

In my .htaccess I have this code:
<FilesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf|txt|html|x-html|php|css|xml|js|woff|ttf|svg|eot)(\.gz)?$">
ExpiresActive On
Header set Expires "Sun, 27 May 2012 00:00:00 GMT"
Header unset ETag
FileETag None
</FilesMatch>
It seems to work perfectly on some servers, but not on one of my websites. I get a 500 Internal Server Error.
Is there anything wrong in the config, or do I have to contact my host?
Ensure that you have these Apache modules enabled and loaded:
ExpiresActive -- mod_expires
Header -- mod_headers
Try this instead (it will only use directives if corresponding module is present):
<FilesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf|txt|html|x-html|php|css|xml|js|woff|ttf|svg|eot)(\.gz)?$">
<IfModule mod_expires.c>
ExpiresActive On
</IfModule>
<IfModule mod_headers.c>
Header set Expires "Sun, 27 May 2012 00:00:00 GMT"
Header unset ETag
</IfModule>
FileETag None
</FilesMatch>

Resources