Heighten security according to Mozilla Observatory.

2016-08-28 12:14:04 +02:00
parent edb3b0b59d
commit 5722c96947
5 changed files with 99 additions and 52 deletions
--- a/.htaccess
+++ b/.htaccess
@ -0,0 +1,5 @@
+Header set Content-Security-Policy "default-src *; script-src 'self' ajax.googleapis.com; style-src 'self'"
+Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+Header set X-Frame-Options "deny"
+Header set X-XSS-Protection "1; mode=block"
+Header set X-Content-Type-Options "nosniff"