Header always set Content-Security-Policy “default-src ‘self’; font-src *;img-src * data:; script-src *; style-src *;” Header add Strict-Transport-Security"value" Header add Referrer-Policy “value”
Header add X-Permitted-Cross-Domain-Policies “value” Header add X-Download-Options “value”
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]