SSLCertificateKeyFile /etc/httpd/server-ecdsa.key
Header always set X-Content-Type-Options nosniff
- Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'"
+ Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:"
Header always set Referrer-Policy strict-origin
Header always set X-Frame-Options sameorigin