danmaby

#
<IfModule mod_headers.c>
    # HSTS - force redirect to HTTPS at the browser level.
    # Submit for Chrome preload list at https://hstspreload.appspot.com/
    Header set Strict-Transport-Security: "max-age=31536000; includeSubDomains; preload"

    # X-Xss-Protection
    Header always set X-Xss-Protection "1; mode=block"

    # Stop clickjacking by only allowing us to frame our own site