Apache - Headers

Custom security headers, might be added to a VHOST:

<IfModule mod_headers.c>
  Header set X-Content-Type-Options nosniff
  Header always set x-xss-protection "1; mode=block"
  Header always set x-frame-options "SAMEORIGIN"
  Header set Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.jsdelivr.net *.facebook.net *.fontawesome.com *.pingdom.net ajax.googleapis.com *.google-analytics.com;"
  Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;"
  Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
</IfModule>