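# BEGIN HTTP Headers
# Security response headers for an Apache site (.htaccess or vhost context).
# Requires mod_headers; when the module is missing this whole block is skipped
# without an error, so confirm the headers on a live response after deploying.
<IfModule mod_headers.c>
    # Stop browsers from MIME-sniffing a response into a different content type.
    # This is the only header here that applies to every response.
    Header always set X-Content-Type-Options "nosniff"

    # Everything below is sent only when the served file ends in .php or .html.
    <FilesMatch "\.(php|html)$">
        # Hide the PHP version banner. If the header still appears, set
        # expose_php = Off in php.ini, which removes it at the source.
        Header unset X-Powered-By

        # NOTE(review): no Access-Control-Allow-Origin is set in this block.
        # Allow-Credentials does nothing on its own, and browsers refuse
        # credentialed requests when the allowed origin is "*". If another layer
        # adds Allow-Origin, it must come from a fixed allow-list and never echo
        # the request's Origin header, otherwise any site could read
        # authenticated responses. If cross-origin access is not needed, drop
        # these three lines.
        Header always set Access-Control-Allow-Credentials "true"
        Header always set Access-Control-Allow-Methods "GET, POST, OPTIONS"
        Header always set Access-Control-Allow-Headers "Origin"

        # Same-origin-only CSP; 'unsafe-inline' is allowed for styles only.
        # NOTE(review): base-uri, form-action and frame-ancestors do not fall
        # back to default-src, so they are unrestricted here. Consider
        # frame-ancestors 'none' (the CSP counterpart of X-Frame-Options DENY)
        # and object-src 'none' if the site serves no plugin content.
        Header always set Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self'; connect-src 'self'; object-src 'self'; frame-src 'self';"

        # NOTE(review): this value still sends the full URL (path and query) to
        # other HTTPS origins. strict-origin-when-cross-origin leaks less if
        # URLs can carry tokens or identifiers.
        Header always set Referrer-Policy "no-referrer-when-downgrade"

        # The value must be closed with a plain ASCII quote: a typographic
        # closing quote leaves the string unterminated, so Apache will not read
        # the directive as intended. Browsers honour HSTS only over HTTPS, and
        # includeSubDomains commits every subdomain to HTTPS for one year.
        # NOTE(review): inside this FilesMatch the header is not sent with
        # other file types; consider moving it up beside X-Content-Type-Options.
        Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"

        # Forbid rendering these pages inside any frame (clickjacking defence).
        Header always set X-Frame-Options "DENY"

        # Legacy header: current browsers have removed the XSS filter it
        # controlled, so the CSP above is the effective protection.
        Header always set X-XSS-Protection "1; mode=block"

        # Legacy Internet Explorer rendering hint; not a security control.
        Header always set X-UA-Compatible "IE=edge,chrome=1"
    </FilesMatch>
</IfModule>
# END HTTP Headers

# BEGIN Cookie Security
# php_flag is provided by mod_php only. Under PHP-FPM or CGI Apache rejects the
# directive and requests fail with a 500; set the same options in php.ini or
# .user.ini there.
# HttpOnly keeps the session cookie away from page scripts; Secure restricts it
# to HTTPS. Where the PHP version supports session.cookie_samesite, setting it
# as well adds a CSRF mitigation.
php_flag session.cookie_httponly on
php_flag session.cookie_secure on
# END Cookie Security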