https://orass-finance.com/sitemap-pages.xml 2025-01-10 https://orass-finance.com/sitemap-services.xml 2025-01-10 https://orass-finance.com/ 2025-01-10 weekly 1.0 https://orass-finance.com/loan 2025-01-10 monthly 0.9 https://orass-finance.com/savings 2025-01-10 monthly 0.9 https://orass-finance.com/insurance 2025-01-10 monthly 0.9 https://orass-finance.com/contact 2025-01-10 monthly 0.8 https://orass-finance.com/about 2025-01-10 monthly 0.7 https://orass-finance.com/checker 2025-01-10 weekly 0.6 https://orass-finance.com/mentions-legales 2025-01-10 yearly 0.3 https://orass-finance.com/cookies 2025-01-10 yearly 0.3 https://orass-finance.com/privacy 2025-01-10 yearly 0.3 # ============================================ # SÉCURITÉ & PERFORMANCE - ORASS-FINANCE # ============================================ # Désactiver l'affichage des répertoires Options -Indexes # Protection fichiers sensibles Order allow,deny Deny from all Order allow,deny Deny from all # ============================================ # COMPRESSION GZIP (Performance) # ============================================ AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript AddOutputFilterByType DEFLATE application/javascript application/x-javascript AddOutputFilterByType DEFLATE application/json application/xml AddOutputFilterByType DEFLATE image/svg+xml # ============================================ # CACHE NAVIGATEUR (Performance SEO) # ============================================ ExpiresActive On # Images ExpiresByType image/jpeg "access plus 1 year" ExpiresByType image/png "access plus 1 year" ExpiresByType image/gif "access plus 1 year" ExpiresByType image/webp "access plus 1 year" ExpiresByType image/svg+xml "access plus 1 year" ExpiresByType image/x-icon "access plus 1 year" # CSS & JavaScript ExpiresByType text/css "access plus 1 month" ExpiresByType application/javascript "access plus 1 month" ExpiresByType text/javascript "access plus 1 month" # Fonts ExpiresByType font/woff "access plus 1 year" ExpiresByType font/woff2 "access plus 1 year" ExpiresByType application/font-woff "access plus 1 year" # HTML ExpiresByType text/html "access plus 0 seconds" # XML & JSON ExpiresByType application/xml "access plus 0 seconds" ExpiresByType application/json "access plus 0 seconds" # ============================================ # HEADERS DE SÉCURITÉ (Important pour SEO) # ============================================ # Protection XSS Header set X-XSS-Protection "1; mode=block" # Empêcher MIME-sniffing Header set X-Content-Type-Options "nosniff" # Clickjacking protection Header set X-Frame-Options "SAMEORIGIN" # Referrer Policy Header set Referrer-Policy "strict-origin-when-cross-origin" # Content Security Policy (ajustez selon vos besoins) Header set Content-Security-Policy "default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https:; font-src 'self' data: https://cdnjs.cloudflare.com;" # Remove server signature Header unset Server Header unset X-Powered-By # HSTS (HTTPS uniquement - à activer après SSL) # Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" # ============================================ # REDIRECTIONS WWW (SEO - Éviter duplicate content) # ============================================ RewriteEngine On # Forcer HTTPS (à activer après installation SSL) # RewriteCond %{HTTPS} off # RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] # Forcer WWW (ou non-WWW selon votre choix) # Option A : Forcer WWW # RewriteCond %{HTTP_HOST} !^www\. [NC] # RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301] # Option B : Forcer non-WWW (recommandé) RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC] RewriteRule ^(.*)$ https://%1%{REQUEST_URI} [L,R=301] # Trailing slash (SEO) RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_URI} !(.*)/$ RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1/ [L,R=301] # ============================================ # PAGES D'ERREUR PERSONNALISÉES # ============================================ ErrorDocument 404 /404.html ErrorDocument 403 /403.html ErrorDocument 500 /500.html # ============================================ # PROTECTION CONTRE HOTLINKING (Bande passante) # ============================================ RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^https?://(.+\.)?orass-finance\.com [NC] RewriteCond %{REQUEST_URI} \.(jpe?g|png|gif|webp|svg)$ [NC] RewriteRule \.(jpe?g|png|gif|webp|svg)$ - [F,L] # ============================================ # BLOQUER USER-AGENTS MALVEILLANTS # ============================================ RewriteCond %{HTTP_USER_AGENT} (libwww|wget|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR] RewriteCond %{HTTP_USER_AGENT} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC] RewriteRule .* - [F,L] # ============================================ # LIMITE TAILLE UPLOAD (Sécurité) # ============================================ LimitRequestBody 10485760 # ============================================ # PHP SETTINGS (Si applicable) # ============================================ php_flag display_errors Off php_flag log_errors On php_value upload_max_filesize 10M php_value post_max_size 10M php_value max_execution_time 30 php_value session.cookie_httponly 1 php_value session.cookie_secure 1 /* TEAM */ Team: ORASS-FINANCE Development Team Site: contact@orass-finance.com Location: Cotonou, Bénin /* THANKS */ Technology: PHP, JavaScript, MySQL Frameworks: Tailwind CSS, Font Awesome Hosting: [Votre hébergeur] /* SITE */ Last update: 2025/01/10 Language: Français Standards: HTML5, CSS3, WCAG 2.1 Components: Responsive Design, Progressive Enhancement Software: VS Code, PhpStorm, Git Contact: mailto:security@orass-finance.com Contact: https://orass-finance.com/contact Preferred-Languages: fr, en Canonical: https://orass-finance.com/.well-known/security.txt Policy: https://orass-finance.com/security-policy Hiring: https://orass-finance.com/careers # Notre politique de divulgation responsable # Si vous découvrez une vulnérabilité de sécurité, # veuillez nous contacter de manière responsable. ✅ FICHIERS À CRÉER : 1. /public/robots.txt (Artifact #1) 2. /public/sitemap.xml (Artifact #2 - Index) 3. /public/sitemap-pages.xml (Artifact #2 - Pages) 4. /public/.htaccess (Artifact #2 - Config) 5. /public/humans.txt (Optionnel) 6. /public/.well-known/security.txt (Recommandé) ✅ ACTIONS POST-INSTALLATION : 1. Remplacer "orass-finance.com" par votre vrai domaine 2. Activer HTTPS et décommenter les lignes SSL dans .htaccess 3. Soumettre sitemap.xml à Google Search Console 4. Soumettre sitemap.xml à Bing Webmaster Tools 5. Vérifier robots.txt : https://www.google.com/webmasters/tools/robots-testing-tool 6. Tester les headers de sécurité : https://securityheaders.com 7. Vérifier la vitesse : https://pagespeed.web.dev 8. Créer un compte Google Search Console 9. Installer Google Analytics (si souhaité) 10. Configurer Google Ads pixel (si campagnes prévues)