Apache Standard Security Headers

.htaccess

## Security Headers - as recommended at https://securityheaders.io ##
Header Set Strict-Transport-Security "max-age=31536000; includeSubDomains"
Header Set Content-Security-Policy "script-src 'self' *.google-analytics.com"
Header Set X-Frame-Options "SAMEORIGIN"
Header Set X-Content-Type-Options "nosniff"
Header Set X-XSS-Protection "1; mode=block"
## Security Headers ##