Secure HTTP Headers Generator

Server Security

Generate security HTTP headers like CSP, HSTS, and X-Frame-Options. Improve your website security configuration.

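Strict-Transport-Security (HSTS): Enforce HTTPS connections.

X-Frame-Options: Prevent clickjacking attacks (DENY/SAMEORIGIN).

X-Content-Type-Options: Prevent MIME type sniffing (nosniff).

Referrer-Policy: Control how much referrer info is sent.

Permissions-Policy: Disable camera, microphone, and geolocation access.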

Configuration
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Permissions-Policy "camera=(), microphone=(), geolocation=()" always;
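
nginx inherits add_header directives from the enclosing level only when the current level defines none of its own, so a location block with its own add_header can silently drop the headers above. The following is an added example (not the generator's code) that audits a captured response header block against the configuration above; the function names and the sample response are constructed for illustration.

```python
# Added example, not the generator's code. Baseline = the five headers above.
MIN_HSTS_MAX_AGE = 31536000  # max-age used in the generated config
EXPECTED = ("strict-transport-security", "x-frame-options",
            "x-content-type-options", "referrer-policy", "permissions-policy")

def parse_headers(raw):
    """Map lowercased header name -> list of values (status line skipped)."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def parse_hsts(value):
    """Return (max_age or None, set of lowercased valueless directives)."""
    max_age, flags = None, set()
    for part in value.split(";"):
        key, _, val = part.strip().partition("=")
        if key.lower() == "max-age":
            val = val.strip().strip('"')
            max_age = int(val) if val.isdigit() else None
        elif key:
            flags.add(key.lower())
    return max_age, flags

def audit(raw):
    """Return sorted findings; an empty list means the baseline is met."""
    h = parse_headers(raw)
    findings = [f"missing {n}" for n in EXPECTED if n not in h]
    findings += [f"duplicate {n}" for n in EXPECTED if len(h.get(n, [])) > 1]
    if "strict-transport-security" in h:
        max_age, flags = parse_hsts(h["strict-transport-security"][0])
        if max_age is None or max_age < MIN_HSTS_MAX_AGE:
            findings.append("hsts max-age below baseline")
        if "preload" in flags and "includesubdomains" not in flags:
            findings.append("hsts preload without includeSubDomains")
    xfo = h.get("x-frame-options")
    if xfo and xfo[0].upper() not in ("DENY", "SAMEORIGIN"):
        findings.append("x-frame-options not DENY or SAMEORIGIN")
    return sorted(findings)

# Constructed response: a location that lost or altered most of the headers.
BAD = """HTTP/1.1 200 OK
Strict-Transport-Security: max-age=300; preload
X-Frame-Options: ALLOW-FROM https://example.com
X-Content-Type-Options: nosniff
X-Content-Type-Options: nosniff
"""
```

Feed it the header block from each distinct location (static files, error pages, API routes), since each can have its own add_header context; `audit(BAD)` returns six findings for the constructed response.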