hroling/owncloud Headers

## owncloud Headers
Hierbij de Apache Headers voor OwnCloud

Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
Header always set X-Frame-Options SAMEORIGIN
Header set X-Content-Type-Options "nosniff"
Header set X-XSS-Protection "1; mode=block"
Header set X-Robots-Tag "none"
Header unset X-Powered-By
Header unset X-Pingback

LET OP. Pinning moet op eigen PKI tree gedaan worden. Dit is wat ik gebruik.
In deze Header zitten: 1: StartSSL Class 1 CA, 2: Let's Encrypt CA, 3: DST Root CA X3.

Header set Public-Key-Pins "pin-sha256=\"kb6xLprt35abNnSn74my4Dkfya9arbk5zN5a60YzuqE=\"; pin-sha256=\"YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg=\"; pin-sha256=\"Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys=\"; max-age=2592000; includeSubDomains"
	Hierbij de Apache Headers voor OwnCloud

	Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
	Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
	Header always set X-Frame-Options SAMEORIGIN
	Header set X-Content-Type-Options "nosniff"
	Header set X-XSS-Protection "1; mode=block"
	Header set X-Robots-Tag "none"
	Header unset X-Powered-By
	Header unset X-Pingback

	LET OP. Pinning moet op eigen PKI tree gedaan worden. Dit is wat ik gebruik.
	In deze Header zitten: 1: StartSSL Class 1 CA, 2: Let's Encrypt CA, 3: DST Root CA X3.

	Header set Public-Key-Pins "pin-sha256=\"kb6xLprt35abNnSn74my4Dkfya9arbk5zN5a60YzuqE=\"; pin-sha256=\"YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg=\"; pin-sha256=\"Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys=\"; max-age=2592000; includeSubDomains"