Make the website more secure …

If .htaccess is not properly used because PHP is loaded as CGI

Well, it took some time, but after some investigation the code to make the site safer is rather simple. Just add the following lines to your PHP file and it works.

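<?php
 ...
 // header() must run before any output is sent.
 header("X-XSS-Protection: 1; mode=block");
 header("X-Content-Type-Options: nosniff");
 // "env=HTTPS" is Apache mod_headers syntax; in PHP, test for HTTPS in code.
 if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') {
     header("Strict-Transport-Security: max-age=63072000");
 }
 // CSP keywords such as 'self' take single quotes.
 header("Content-Security-Policy: default-src 'self'");
 // Set X-Frame-Options once; a second header() call with the same name replaces the first.
 header("X-Frame-Options: DENY");
 ...
 ?>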

That’s it. Now the website is secured at least to the standard of the published protection mechanisms. Alternatively, you can use the “http headers” plugin.

Update: Finally, after checking a lot of themes, I could get rid of Google Fonts and the site now looks very clean. A check on Observatory shows that, at the moment, the site looks well protected.
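
A local check for the header values discussed above, as an added example that is not part of the original post: it lints raw response header lines for the mistakes that are easy to make when moving .htaccess directives into PHP. The function name, the finding strings and the sample input are assumptions made for this example.

```python
import re

# Constructed sample: header lines as they would appear in a response if the
# Apache-style quoting were sent unchanged from PHP.
SAMPLE_BAD = [
    "X-Content-Type-Options: nosniff",
    'Strict-Transport-Security: "max-age=63072000" env=HTTPS',
    'Content-Security-Policy: default-src "self"',
    "X-Frame-Options: DENY",
]
REQUIRED = ("strict-transport-security", "content-security-policy",
            "x-frame-options", "x-content-type-options")
KEYWORDS = {"self", "none", "unsafe-inline", "unsafe-eval"}

def lint_headers(lines):
    """Return a list of findings for raw 'Name: value' response header lines."""
    headers = {}
    for line in lines:
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    findings = [f"{n}: missing" for n in REQUIRED if n not in headers]
    for value in headers.get("strict-transport-security", []):
        # Directives are ';'-separated and max-age=<seconds> is mandatory.
        parts = [p.strip() for p in value.split(";") if p.strip()]
        if not any(re.fullmatch(r'max-age="?\d+"?', p, re.I) for p in parts):
            findings.append("strict-transport-security: no valid max-age directive")
    for value in headers.get("content-security-policy", []):
        tokens = re.split(r"[;\s]+", value.lower())
        # Browsers only recognise keywords in single quotes, e.g. 'self'.
        if any(t.startswith('"') and t.strip('"') in KEYWORDS for t in tokens):
            findings.append("content-security-policy: keyword in double quotes")
        elif any(t in KEYWORDS for t in tokens):
            findings.append("content-security-policy: keyword without single quotes")
    xfo = {v.upper() for v in headers.get("x-frame-options", [])}
    if len(xfo) > 1:
        findings.append("x-frame-options: conflicting values")
    elif xfo - {"DENY", "SAMEORIGIN"}:
        findings.append("x-frame-options: unknown value")
    if any(v.lower() != "nosniff" for v in headers.get("x-content-type-options", [])):
        findings.append("x-content-type-options: value is not nosniff")
    return findings

if __name__ == "__main__":
    for finding in lint_headers(SAMPLE_BAD):
        print(finding)
```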