Thursday, May 26th, 2022 | Server
Header set Strict-Transport-Security "max-age=31536000" env=HTTPS
Header set X-XSS-Protection "1; mode=block"
Header set X-Content-Type-Options nosniff
Header always append X-Frame-Options SAMEORIGIN
#Header add Content-Security-Policy "default-src 'self';
#Header set Feature-Policy "geolocation 'self'; vibrate 'none'"
#Header set Referrer-Policy "same-origin""
#Header Referrer-Policy: no-referrer-when-downgrade
Header always set Content-Security-Policy "upgrade-insecure-requests;"