Security Headers
Add the following to .htaccess:

Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
Header always set X-Frame-Options "SAMEORIGIN"
Header always set X-Content-Type-Options "nosniff"
Header always set Referrer-Policy "same-origin"
Header always set Permissions-Policy ""
Header always set Content-Security-Policy "script-src 'self' 'unsafe-inline';"
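
To confirm that the directives above actually reach clients, the following added example (not part of the original page) compares a response's headers with the values set in the .htaccess. The function names and the sample response are constructed for illustration; the Header directive itself requires mod_headers to be enabled.

```shell
#!/bin/sh
# Added example: reads raw response headers on stdin and returns non-zero
# if any header from the .htaccess above is missing, duplicated or different.

# Expected "name|value" pairs, copied from the directives on this page.
expected_headers() {
cat <<'EOF'
strict-transport-security|max-age=31536000; includeSubDomains
x-frame-options|SAMEORIGIN
x-content-type-options|nosniff
referrer-policy|same-origin
permissions-policy|
content-security-policy|script-src 'self' 'unsafe-inline';
EOF
}

check_headers() {
    resp=$(tr -d '\r')   # HTTP/1.x header lines end in CRLF
    rc=0
    while IFS='|' read -r name want; do
        # Header names are case-insensitive (HTTP/2 sends them lowercase).
        n=$(printf '%s\n' "$resp" | grep -ic "^$name:" || true)
        if [ "$n" -eq 0 ]; then echo "MISSING   $name"; rc=1; continue; fi
        # Seen twice usually means something else (e.g. the application) sets it too.
        if [ "$n" -gt 1 ]; then echo "DUPLICATE $name ($n times)"; rc=1; continue; fi
        got=$(printf '%s\n' "$resp" | grep -i "^$name:" |
              sed 's/^[^:]*:[[:space:]]*//; s/[[:space:]]*$//')
        if [ "$got" = "$want" ]; then
            echo "OK        $name"
        else
            echo "MISMATCH  $name: got \"$got\""; rc=1
        fi
    done <<EOF
$(expected_headers)
EOF
    return "$rc"
}

# Constructed sample: Referrer-Policy differs, Permissions-Policy is absent.
sample_response() {
    printf '%s\r\n' 'HTTP/1.1 200 OK' \
        'Strict-Transport-Security: max-age=31536000; includeSubDomains' \
        'X-Frame-Options: SAMEORIGIN' 'X-Content-Type-Options: nosniff' \
        'Referrer-Policy: no-referrer' \
        "Content-Security-Policy: script-src 'self' 'unsafe-inline';" ''
}

sample_response | check_headers || echo "sample: headers differ from .htaccess"
```

Against a live site, feed it real headers with: curl -sI https://your-site.example/ | check_headers (the host name is a placeholder). Because the directives use "always", the headers should also be present on error responses such as a 404, so check one of those as well.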