obviousdisaster/wordpress-headers.php

## wordpress-headers.php
<?php
/**
 * add security headers to Wordpress
 *
 * @author Mark Hall <https://markhall.dev>
 */

function add_headers()
{
	header( 'Strict-Transport-Security: max-age=31536000' );
	header( 'Content-Security-Policy: frame-ancestors "none";' );
	header( 'X-Frame-Options:  sameorigin' );
	header( 'X-Content-Type-Options: nosniff' );
	header( 'Referrer-Policy: same-origin' );
	header( 'Permissions-Policy: Permissions-Policy: accelerometer=*, ambient-light-sensor=*, autoplay=*, battery=*, camera=*, cross-origin-isolated=*, display-capture=*, document-domain=*, encrypted-media=*, execution-while-not-rendered=*, execution-while-out-of-viewport=*, fullscreen=*, geolocation=*, gyroscope=*, keyboard-map=*, magnetometer=*, microphone=*, midi=*, navigation-override=*, payment=*, picture-in-picture=*, publickey-credentials-get=*, screen-wake-lock=*, sync-xhr=*, usb=*, web-share=*, xr-spatial-tracking=*, clipboard-read=*, clipboard-write=*, gamepad=*, speaker-selection=*, conversion-measurement=*, focus-without-user-activation=*, hid=*, idle-detection=*, interest-cohort=*, serial=*, sync-script=*, trust-token-redemption=*, unload=*, window-placement=*, vertical-scroll=*' );
	header( 'X-XSS-Protection 1; mode=block' );
}
add_action( 'send_headers', 'add_headers' );
?>
	<?php
	/**
	* add security headers to Wordpress
	*
	* @author Mark Hall <https://markhall.dev>
	*/

	function add_headers()
	{
	header( 'Strict-Transport-Security: max-age=31536000' );
	header( 'Content-Security-Policy: frame-ancestors "none";' );
	header( 'X-Frame-Options: sameorigin' );
	header( 'X-Content-Type-Options: nosniff' );
	header( 'Referrer-Policy: same-origin' );
	header( 'Permissions-Policy: Permissions-Policy: accelerometer=, ambient-light-sensor=, autoplay=, battery=, camera=, cross-origin-isolated=, display-capture=, document-domain=, encrypted-media=, execution-while-not-rendered=, execution-while-out-of-viewport=, fullscreen=, geolocation=, gyroscope=, keyboard-map=, magnetometer=, microphone=, midi=, navigation-override=, payment=, picture-in-picture=, publickey-credentials-get=, screen-wake-lock=, sync-xhr=, usb=, web-share=, xr-spatial-tracking=, clipboard-read=, clipboard-write=, gamepad=, speaker-selection=, conversion-measurement=, focus-without-user-activation=, hid=, idle-detection=, interest-cohort=, serial=, sync-script=, trust-token-redemption=, unload=, window-placement=, vertical-scroll=' );
	header( 'X-XSS-Protection 1; mode=block' );
	}
	add_action( 'send_headers', 'add_headers' );
	?>