Content-Security-Policy and other security headers

2017-07-03 10:19:20 +02:00 · 2017-07-03 10:19:20 +02:00 · 59e5df4aa6
parent dd00e9d279
commit 59e5df4aa6
1 changed files with 7 additions and 0 deletions
--- a/.htaccess
+++ b/.htaccess
@ -28,3 +28,10 @@ FileETag None
 <ifmodule mod_filter.c>
    AddOutputFilterByType DEFLATE text/css text/html application/javascript font/truetype
 </ifmodule>
+
+<ifmodule mod_headers.c>
+    Header set X-Frame-Options DENY
+    Header set X-Content-Type-Options nosniff
+    Header set X-XSS-Protection "1; mode=block"
+    Header set Content-Security-Policy "default-src 'self'; object-src 'none'; script-src 'none'; img-src http:"
+</ifmodule>