* Fri Dec 27 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-10.sme

- add X-Content-Type-Options nosniff [SME: 12835]
- add Strict Transport Security support HSTS [SME: 12815]
- add X-Frame-Options SAMEORIGIN Header to prevent clickjacking [SME: 12816]
- add referrer-Policy same-origin [SME: 12817]
- add OCSP Stapling support [SME: 12819]
- add CSP Content-Security-Policy support [SME: 9567]
- add .well-known and .well-known/security.txt [SME: 12818]

root/etc/e-smith/templates/var/www/html/.well-known/security.txt/10contact

@@ -5,5 +5,5 @@ Contact: {
 # Contact: mailto:security%2Buri%2Bencoded@example.com
 # Contact: tel:+1-201-555-0123
 # Contact: https://example.com/security-contact.html
-${'httpd-e-smith'}{'SecurityContact'}||"mailto:admin@$DomainName"}
+${'httpd-e-smith'}{'SecurityContact'}||"mailto:admin\@$DomainName"}