From 06df2f544c171d9edaba62241b5cc446b4c296cc Mon Sep 17 00:00:00 2001
From: Uwe Steinmann <steinm@debian.org>
Date: Wed, 10 Mar 2021 11:59:19 +0100
Subject: [PATCH] set some security headers

---
 .htaccess | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.htaccess b/.htaccess
index f1ec9a858..99425bf93 100644
--- a/.htaccess
+++ b/.htaccess
@@ -1,5 +1,10 @@
 Options -Indexes
 
+<IfModule mod_headers.c>
+Header set Strict-Transport-Security: "max-age=15768000; includeSubDomains; preload"
+Header set X-Content-Type-Options: "nosniff"
+</IfModule>
+
 RewriteEngine On
 RewriteRule ^favicon.ico$ styles/bootstrap/favicon.ico [L]