Voeg deze code toe bovenaan de .htaccess in je public_html
# Security Headers Header always set X-Frame-Options "SAMEORIGIN" Header always set X-XSS-Protection "1; mode=block" Header always set X-Content-Type-Options "nosniff" Header set Referrer-Policy "same-origin" Header set Content-Security-Policy "default-src https:; font-src https: data:; img-src https: data:; script-src https:; style-src https:;" Header set Permissions-Policy "autoplay 'none'; camera 'none'; encrypted-media 'self'; fullscreen 'self'; geolocation 'none'; microphone 'none'; midi 'none'; payment 'none'; vr 'none'" Header set Strict-Transport-Security "max-age=63072000; includeSubDomains" env=HTTPS Header set Feature-Policy "geolocation 'self'; vibrate 'none'"
Meer informatie vind je hier: https://htaccessbook.com/important-security-headers/