Create a custom folder and then create the file:
    /usr/local/directadmin/data/templates/custom/cust_httpd.CUSTOM.post
Edit the file and insert the content below:
    <IfModule mod_headers.c>
        <FilesMatch "\.(php|html)$">
            # HSTS is only sent on HTTPS responses (env=HTTPS)
            Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" env=HTTPS
            Header always set X-Content-Type-Options "nosniff"
            # Legacy header: current browsers no longer ship an XSS filter and ignore it
            Header always set X-XSS-Protection "1; mode=block"
            Header always set X-Frame-Options "SAMEORIGIN"
            Header always set Referrer-Policy "strict-origin-when-cross-origin"
            # Expect-CT is deprecated and ignored by current browsers
            Header always set Expect-CT "enforce, max-age=21600"
            Header always set Permissions-Policy "geolocation=*, midi=(), sync-xhr=*, microphone=(), camera=(), magnetometer=(), gyroscope=(), payment=(), fullscreen=(self)"
            # 'unsafe-inline' and 'unsafe-eval' weaken the XSS protection CSP would otherwise give
            Header always set Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self';"
        </FilesMatch>
    </IfModule>
After adding the required headers, you must regenerate the domain configurations and restart Apache:
    cd /usr/local/directadmin/custombuild
    ./build rewrite_confs
Finally, it’s a good idea to hide the PHP version by editing the corresponding php.ini file:
    expose_php = Off
You can check whether your score has improved on the website securityheaders.com.
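A local check to go with the online scan, as an added example that is not part of the original page: the function below audits raw response headers for the settings configured above. The function names, the finding labels (MISSING/WEAK/LEAK) and the sample responses are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit response headers, as printed by
# `curl -sI https://your-domain/index.php`, against the settings above.
REQUIRED="strict-transport-security x-content-type-options x-frame-options
referrer-policy permissions-policy content-security-policy"

# Reads raw headers on stdin; prints one finding per line (no output = clean).
audit_headers() {
    # Drop CRs and the status line; lowercase header names, keep values.
    hdrs=$(tr -d '\r' | awk '{ i = index($0, ":")
        if (i > 1) print tolower(substr($0, 1, i - 1)) ":" substr($0, i + 1) }')
    for h in $REQUIRED; do
        printf '%s\n' "$hdrs" | grep -q "^$h:" || echo "MISSING $h"
    done
    # Report HSTS below the one-year max-age used in the configuration.
    age=$(printf '%s\n' "$hdrs" | sed -n \
        's/^strict-transport-security:.*max-age=\([0-9]*\).*/\1/p' | head -n 1)
    if [ -n "$age" ] && [ "$age" -lt 31536000 ]; then
        echo "WEAK strict-transport-security max-age=$age"
    fi
    # 'unsafe-inline' / 'unsafe-eval' give up most of CSP's XSS protection.
    csp=$(printf '%s\n' "$hdrs" | grep '^content-security-policy:' || true)
    for kw in unsafe-inline unsafe-eval; do
        case $csp in *"'$kw'"*) echo "WEAK content-security-policy allows $kw" ;; esac
    done
    # With expose_php = Off, PHP no longer sends X-Powered-By.
    if printf '%s\n' "$hdrs" | grep -q '^x-powered-by:'; then
        echo "LEAK x-powered-by"
    fi
    return 0
}

# Constructed sample responses (not captured from a real server); the
# "after" sample carries a subset of the headers configured above.
sample_before() {
    printf '%s\r\n' 'HTTP/1.1 200 OK' 'X-Powered-By: PHP/8.1.0' \
        'Content-Type: text/html' ''
}
sample_after() {
    printf '%s\r\n' 'HTTP/1.1 200 OK' \
        'Strict-Transport-Security: max-age=31536000; includeSubDomains; preload' \
        'X-Content-Type-Options: nosniff' 'X-Frame-Options: SAMEORIGIN' \
        'Referrer-Policy: strict-origin-when-cross-origin' \
        'Permissions-Policy: camera=(), microphone=(), fullscreen=(self)' \
        "Content-Security-Policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self';" \
        'Content-Type: text/html' ''
}
echo "== before =="; sample_before | audit_headers
echo "== after ==";  sample_after | audit_headers
```

Request the site over HTTPS when feeding live output into `audit_headers`, since the HSTS header is only set when `env=HTTPS` matches.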
