Last active
July 27, 2018 10:10
Security Headers
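<IfModule mod_headers.c>
    # Stop browsers from MIME-sniffing responses (e.g. treating an uploaded image as script)
    Header always set X-Content-Type-Options "nosniff"
    # This forces https for all subdomains too!!
    Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
    # Disallow iframing of website in other domains
    Header always set X-Frame-Options "SAMEORIGIN"
    # Protect Referrer (fallback list: browsers apply the last policy they understand)
    Header always set Referrer-Policy "no-referrer-when-downgrade, strict-origin-when-cross-origin"
    # Don't tell what software is used to run the server
    # (unset in both header tables; which one holds X-Powered-By depends on how the app is run)
    Header unset X-Powered-By
    Header always unset X-Powered-By
    # Note: Apache core adds Server after mod_headers runs, so this unset has no effect;
    # reduce it with "ServerTokens Prod" in the main server config instead
    Header always unset Server
</IfModule>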
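To confirm the directives above actually reach the client, the following added example (not part of the gist) audits a raw response header block against this policy. The sample response is constructed, and the function names and the one-year HSTS threshold are assumptions of the example.

```python
import re

# Constructed sample response headers (not captured from a real server).
SAMPLE = """\
HTTP/1.1 200 OK
Server: Apache
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Frame-Options: SAMEORIGIN
Referrer-Policy: no-referrer-when-downgrade, strict-origin-when-cross-origin
Content-Type: text/html
"""

def parse_headers(raw):
    """Return {lowercased-name: [values]} from a raw header block."""
    headers = {}
    for line in raw.splitlines()[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def audit(raw):
    """Return a list of findings; an empty list means the policy is fully applied."""
    h = parse_headers(raw)
    one = lambda n: ", ".join(h.get(n, []))
    findings = []
    if one("x-content-type-options").lower() != "nosniff":
        findings.append("X-Content-Type-Options is not 'nosniff'")
    hsts = one("strict-transport-security").lower()
    m = re.search(r"max-age=(\d+)", hsts)
    if not m or int(m.group(1)) < 31536000:    # assumed minimum: one year
        findings.append("HSTS max-age missing or under one year")
    if "includesubdomains" not in hsts:
        findings.append("HSTS lacks includeSubDomains")
    if one("x-frame-options").upper() not in ("SAMEORIGIN", "DENY"):
        findings.append("X-Frame-Options missing or invalid")
    # Referrer-Policy is a fallback list; a browser applies the last token it knows.
    policies = [p.strip().lower() for p in one("referrer-policy").split(",") if p.strip()]
    if not policies or policies[-1] in ("unsafe-url", "no-referrer-when-downgrade"):
        findings.append("effective Referrer-Policy leaks full URLs cross-origin")
    for leak in ("x-powered-by", "server"):
        if leak in h:
            findings.append(f"{leak} still present: {one(leak)}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE) or ["all checks passed"]:
        print(finding)
```

To check a live site, feed it the output of `curl -sI` against an error page as well as a normal page, since `Header` without `always` does not apply to locally generated error responses.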