# SET CSP HEADER
<IfModule mod_headers.c>
    Header set Content-Security-Policy "upgrade-insecure-requests"
</IfModule>
# REDIRECTION TO HTTPS
# https://wiki.apache.org/httpd/RewriteHTTPToHTTPS
RewriteEngine On
RewriteCond %{HTTP_HOST} ^fournitures\.nordlegumes\.fr$ [NC]
RewriteRule ^((?!fournitures/).*)$ /fournitures/$1 [L,NC]
RewriteCond %{HTTP_HOST} ^phytos\.nordlegumes\.fr$ [NC]
RewriteRule ^((?!phytos/).*)$ /phytos/$1 [L,NC]
RewriteCond %{HTTP_HOST} ^plants\.nordlegumes\.fr$ [NC]
RewriteRule ^((?!plants/).*)$ /plants/$1 [L,NC]
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
# HSTS HEADER
# Recommanded value: 15778800 (half a year)
# Public deployment: https://hstspreload.appspot.com/
Header always set Strict-Transport-Security "max-age=15778800; includeSubDomains; preload"