@avarx
Created March 12, 2018 14:30
securityheaders.io
###################
# START SEC Headers (https://securityheaders.io/)
###################
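# Requires mod_headers. "always" also sets the header on error responses.
# HTTP Strict Transport Security: HTTPS only for one year (31536000 s),
# applied to all subdomains as well
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
# Content Security Policy: limits loads to https: and data: sources, but
# 'unsafe-inline' and 'unsafe-eval' still permit inline script and eval()
Header always set Content-Security-Policy "default-src https: data: 'unsafe-inline' 'unsafe-eval'"
# X-XSS-Protection: legacy browser XSS filter, block the page on detection
Header always set X-Xss-Protection "1; mode=block"
# X-Content-Type-Options: disable MIME type sniffing
Header always set X-Content-Type-Options "nosniff"
# X-Frame-Options: allow framing by same-origin pages only
Header always set X-Frame-Options "SAMEORIGIN"
# Referrer-Policy: send the Referer header on same-origin requests only
Header always set Referrer-Policy "same-origin"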
###################
# END SEC Headers
###################