From 59e5df4aa65e82758a37e1524fc41573d2ff8813 Mon Sep 17 00:00:00 2001
From: Pierre Rudloff
Date: Mon, 3 Jul 2017 10:19:20 +0200
Subject: [PATCH] Content-Security-Policy and other security headers
---
.htaccess | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/.htaccess b/.htaccess
index 6487a7c..ca8ae0c 100644
--- a/.htaccess
+++ b/.htaccess
@@ -28,3 +28,10 @@ FileETag None AddOutputFilterByType DEFLATE text/css text/html application/javascript font/truetype
+
+
+ Header set X-Frame-Options DENY
+ Header set X-Content-Type-Options nosniff
+ Header set X-XSS-Protection "1; mode=block"
+ Header set Content-Security-Policy "default-src 'self'; object-src 'none'; script-src 'none'; img-src http:"
+
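Review bot: The four `Header set` lines only populate Apache's success-response table, so error responses (404, 500) and internally generated redirects are served without any of these headers; `Header always set X-Frame-Options DENY`, with the same `always` form on the other three lines, covers them. In the CSP, `img-src http:` replaces the `default-src 'self'` fallback for images and admits any host over cleartext; if remote thumbnails are the reason, `img-src 'self' https:` would be tighter, though whether every upstream image source serves HTTPS cannot be told from this hunk. `frame-ancestors`, `base-uri` and `form-action` do not fall back to `default-src`, so appending `frame-ancestors 'none'; base-uri 'self'; form-action 'self'` would give the CSP counterpart of the X-Frame-Options line and close the directives the policy currently leaves open.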