Skip to content

Instantly share code, notes, and snippets.

@miljan-aleksic miljan-aleksic/.htaccess
Last active Jan 5, 2017

Embed
What would you like to do?
Apache Standard Security Headers
## Security Headers - as recommended at https://securityheaders.io ##
Header Set Strict-Transport-Security "max-age=31536000; includeSubDomains"
Header Set Content-Security-Policy "script-src 'self' *.google-analytics.com"
Header Set X-Frame-Options "SAMEORIGIN"
Header Set X-Content-Type-Options "nosniff"
Header Set X-XSS-Protection "1; mode=block"
## Security Headers ##
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.