From b04202d4ad634b984b8c4b7a8efed4b07c9a6a7a Mon Sep 17 00:00:00 2001
From: Sami Samhuri
Date: Mon, 10 Sep 2018 20:04:18 -0700
Subject: [PATCH] tighten up security a bit

---
 public/.htaccess | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/public/.htaccess b/public/.htaccess
index 3b03fdd..1e51da7 100644
--- a/public/.htaccess
+++ b/public/.htaccess
@@ -26,6 +26,15 @@ ExpiresDefault A259200
 # Add HSTS header https://tools.ietf.org/html/rfc6797
 Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" env=HTTPS
 
+# Block pages from loading when they detect reflected XSS attacks
+Header set X-XSS-Protection "1; mode=block"
+
+# Prevent browsers from incorrectly detecting non-scripts as scripts
+Header set X-Content-Type-Options "nosniff"
+
+# Block site from being framed
+Header set X-Frame-Options "DENY"
+
 ################
 ### Rewrites ###
 ################
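Review bot: The three added `Header set` lines use mod_headers' default onsuccess table, so responses Apache generates itself (error documents, and redirects such as those the rewrite section below may issue) can go out without `X-Frame-Options` and `X-Content-Type-Options`. Adding the `always` condition covers those responses, e.g. `Header always set X-Frame-Options "DENY"`, and likewise for the other two headers. `X-XSS-Protection "1; mode=block"` only affects the legacy XSS auditors in older browsers, so it should not be treated as the site's XSS control. A `Content-Security-Policy` header, which can also carry `frame-ancestors 'none'` alongside `X-Frame-Options`, is the more durable mitigation and is not part of this change. Whether these directives sit inside an `<IfModule mod_headers.c>` guard cannot be seen from the hunk.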