Security Headers
Template (Customize your options):
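<?php
// HSTS: HTTPS only for 30 days (2592000 seconds), subdomains included.
header('Strict-Transport-Security: max-age=2592000; includeSubDomains');
// CSP: same-origin resources and scripts only, no plugin content.
header("Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'");
// Prefixed CSP headers, read only by legacy browsers.
header("X-Content-Security-Policy: default-src 'self'; script-src 'self'");
header("X-WebKit-CSP: default-src 'self'; script-src 'self'");
// Legacy XSS filter header; current browsers rely on CSP instead.
header('X-XSS-Protection: 1; mode=block');
// No MIME sniffing, no framing, no Referer header on outgoing requests.
header('X-Content-Type-Options: nosniff');
header('X-Frame-Options: DENY');
header("Referrer-Policy: no-referrer");
// Must stay on one line: header() rejects a value that contains a line break.
// Feature-Policy has been superseded by Permissions-Policy in current browsers.
header("Feature-Policy: vibrate 'self'; sync-xhr 'self' https://domain.tld");
?>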
Check Security Headers:
https://securityheaders.com/
Reg./MfG. Evaki
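
An offline check for the headers in the template, added here as an example and not part of the original post. It audits a raw response head; the 30-day HSTS floor, the list of risky script sources and the sample response are assumptions made for this example.

```python
import re

REQUIRED = ("strict-transport-security", "content-security-policy",
            "x-content-type-options", "x-frame-options", "referrer-policy")
FIXED_VALUES = {"x-content-type-options": ("nosniff",),
                "x-frame-options": ("deny", "sameorigin")}
MIN_HSTS_AGE = 2592000  # assumption: the template's 30 days is the floor
RISKY_SOURCES = ("'unsafe-inline'", "'unsafe-eval'", "*")

# Constructed sample response, not captured from a real site.
WEAK = """HTTP/1.1 200 OK
Strict-Transport-Security: max-age=3600
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' *
X-Frame-Options: ALLOWALL
"""

def parse_headers(raw):
    """Raw response head -> {lowercased name: [values in order]}."""
    headers = {}
    for line in re.split(r"\r?\n\r?\n", raw, maxsplit=1)[0].splitlines()[1:]:
        name, sep, value = line.partition(":")  # [1:] above skips the status line
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def script_sources(policy):
    """Sources that govern scripts: script-src, falling back to default-src."""
    parts = [p.split() for p in policy.split(";") if p.split()]
    directives = {p[0].lower(): p[1:] for p in reversed(parts)}  # first one wins
    return directives.get("script-src", directives.get("default-src"))

def audit(raw):
    """Return findings for one response; an empty list means it passed."""
    h = parse_headers(raw)
    findings = [f"missing {name}" for name in REQUIRED if name not in h]
    for value in h.get("strict-transport-security", [])[:1]:
        m = re.search(r'max-age\s*=\s*"?(\d+)', value, re.I)
        if not m or int(m.group(1)) < MIN_HSTS_AGE:
            findings.append(f"strict-transport-security max-age below {MIN_HSTS_AGE}")
    for policy in h.get("content-security-policy", []):
        sources = script_sources(policy)
        if sources is None:
            findings.append("content-security-policy does not restrict scripts")
        findings += [f"content-security-policy script source {s}"
                     for s in sources or [] if s.lower() in RISKY_SOURCES]
    for name, allowed in FIXED_VALUES.items():
        if name in h and h[name][0].lower() not in allowed:
            findings.append(f"{name} is {h[name][0]}")
    return findings
```

Calling audit(WEAK) lists every gap in the sample; a response carrying the template's headers returns an empty list.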