danmaby / .htaccess
Last active February 16, 2018 15:17
Site Security All Sites
#
<IfModule mod_headers.c>
# HSTS - tell the browser to use HTTPS only for this host and its subdomains for one year (max-age=31536000).
# Submit for Chrome preload list at https://hstspreload.appspot.com/
Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
# X-XSS-Protection - turn on the legacy browser XSS filter and block the page when it triggers
Header always set X-Xss-Protection "1; mode=block"
# Stop clickjacking by only allowing us to frame our own site