diff --git a/.htaccess b/.htaccess
index f252ae9b..a5ca9efe 100755
--- a/.htaccess
+++ b/.htaccess
@@ -5,4 +5,9 @@ RewriteRule ^([a-zA-Z]*)/?([a-zA-Z]*)?/?([a-zA-Z0-9]*)?/?$ index.php?controleur=
 ServerSignature Off
 <FilesMatch "\.ini$">
     Deny from all
-</FilesMatch>
\ No newline at end of file
+</FilesMatch>
+Header set X-Frame-Options "SAMEORIGIN"
+Header set X-Content-Type-Options "nosniff"
+Header set Strict-Transport-Security "max-age=31536000; includeSubDomains"
+Header set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'"
+Header set Referrer-Policy "strict-origin-when-cross-origin"