# Security Headers # X-Frame-Options <IfModule mod_headers.c> Header set X-Frame-Options "SAMEORIGIN" </IfModule> # X-Content-Type-Options <IfModule mod_headers.c> Header set X-Content-Type-Options "nosniff" </IfModule> # Strict-Transport-Security <IfModule mod_headers.c> Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains" </IfModule> # END Security Headers