# Recommended Security Headers for WordPress
#
# Add to .htaccess or Apache site config.
# These are independent of the honeypot but complement it well.
#
# Deployment check: the <IfModule> guard below skips the whole block without
# any error when mod_headers is not loaded, so confirm the headers actually
# appear in a live response (e.g. `curl -sI https://<your-site>/`).

# BEGIN Security Headers
<IfModule mod_headers.c>
    # "always" also attaches each header to error and redirect responses.
    # NOTE(review): headers emitted by PHP/WordPress itself are kept in a
    # separate table, so "set" here may not replace them and a header can end
    # up being sent twice. Check the live response for duplicates.

    # HSTS: one year (31536000 s), applied to every subdomain. Browsers only
    # honour it when received over HTTPS. Every subdomain must serve valid
    # HTTPS before this is enabled. "preload" signals consent to inclusion in
    # browser preload lists, which is slow to undo; drop that token unless the
    # whole domain is committed to HTTPS long term.
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
    # Stops browsers from MIME-sniffing a response into a different content type.
    Header always set X-Content-Type-Options "nosniff"
    # Legacy clickjacking control; it expresses the same rule as the
    # frame-ancestors 'self' directive in the CSP below.
    Header always set X-Frame-Options "SAMEORIGIN"
    # Cross-origin requests receive only the origin, and nothing is sent on
    # an HTTPS -> HTTP downgrade.
    Header always set Referrer-Policy "strict-origin-when-cross-origin"
    # Empty allowlists turn these features off for the page and every frame
    # it embeds. NOTE(review): payment=() disables the Payment Request API;
    # confirm no checkout plugin depends on it.
    Header always set Permissions-Policy "camera=(), microphone=(), geolocation=(), payment=()"
    # Compatibility-oriented CSP. Because script-src allows 'unsafe-inline'
    # and 'unsafe-eval', this policy does not stop injected inline script; its
    # effect is limited to restricting which origins resources load from and
    # who may frame the site. img-src "https:" admits any HTTPS host.
    # base-uri and form-action do not fall back to default-src, so both are
    # unrestricted here. Scripts, styles or fonts served from third-party
    # hosts (CDNs, analytics) will be blocked; trial changes with the
    # Content-Security-Policy-Report-Only header before enforcing.
    Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; frame-ancestors 'self';"
    # Isolates the browsing context from cross-origin windows. Pop-up based
    # login or payment flows that rely on window.opener can break; test them.
    Header always set Cross-Origin-Opener-Policy "same-origin"
</IfModule>
# END Security Headers

# BEGIN Disable Directory Browsing
# Turns off auto-generated directory listings. In .htaccess this requires the
# server's AllowOverride setting to permit Options; otherwise requests fail
# with a 500 error.
Options -Indexes
# END Disable Directory Browsing