anantshri/wp-security/master/htaccess/additional_headers.htaccess

#Add Custom Headers
# Add SAMEORIGIN for non wp-admin sections also.
Header add X-Frame-Options "SAMEORIGIN"
# XSS protection
Header add X-XSS-Protection "1; mode=block"
# Use this only if all scripts are in same domain.
Header add X-Content-Security-Policy "default-src 'self'"
# IE Specific header
Header add X-Content-Type-Options "nosniff"
#Remove various unnecessary tags : This setting might not work at all. Based on server configuration.
# Remove ETAG
Header unset Etag
# Remove Server Signature 
Header unset Server
ServerSignature Off
# Remove PingBack Header
Header unset X-Pingback

On Github License

Files

Download PDF of Htaccess file

Comments

Apache

Htaccess Tutorial
Apache Directive Index
Directive Reference
twitter.com/htaccess