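# Apache (mod_headers) security response headers.
#
# "always" applies each header to error responses (4xx/5xx) too; plain
# "Header set" only touches the onsuccess table, so a 404 or 500 page would
# otherwise go out without these protections.
# "set" replaces any existing value so a header is never emitted twice.

# Prevent MIME-sniffing
Header always set X-Content-Type-Options "nosniff"

# Legacy XSS auditor: "1; mode=block" is deprecated, ignored by current
# browsers, and the auditor itself was a source of cross-site leaks in older
# ones. Disable it explicitly and rely on Content-Security-Policy instead.
Header always set X-XSS-Protection "0"

# Enforce the use of HTTPS (one year, including all subdomains)
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"

# Frame options to prevent clickjacking.
# "set", not "append": append yields "DENY, DENY" (or merges with a value set
# upstream), which browsers treat as an invalid header and ignore entirely.
Header always set X-Frame-Options "DENY"

# Content Security Policy
# Be sure to modify 'src' directives based on your site's requirements.
# NOTE: 'unsafe-inline' and 'unsafe-eval' in script-src let any injected
# inline or eval'd script run, which largely negates what script-src is meant
# to enforce; tighten them once inline scripts are moved to files or nonces.
# frame-ancestors is the CSP counterpart of X-Frame-Options and belongs in the
# same header: when several Content-Security-Policy headers are sent, browsers
# enforce ALL of them, so separate 'none' and 'self' policies would intersect
# to "no framing at all". (Bare "Content-Security-Policy: ..." lines are raw
# HTTP header text, not Apache directives, and break config parsing.)
Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://example.com; frame-ancestors 'none';"

# Alternatives that allow the site to be framed by its own hosts. Use exactly
# one of these in place of the policy above, and change X-Frame-Options DENY
# to SAMEORIGIN (CSP frame-ancestors takes precedence where supported).
#Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://example.com; frame-ancestors 'self' https://www.getnaild.nl;"
#Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://example.com; frame-ancestors 'self' https://getnaild.nl;"

# Referrer Policy
# "no-referrer-when-downgrade" is the browser default and still sends the full
# URL (path and query string) to other HTTPS origins;
# "strict-origin-when-cross-origin" is the stricter common choice.
Header always set Referrer-Policy "no-referrer-when-downgrade"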