# reduce XSS risks on modern browsers, for details see https://content-security-policy.com/
<IfModule mod_headers.c>
    Header always set Referrer-Policy "same-origin"
	Header set X-XSS-Protection "1; mode=block"
	Header set X-Frame-Options "SAMEORIGIN"
	Header set X-Content-Type-Options "nosniff"
	Header set X-Permitted-Cross-Domain-Policies "none"
</IfModule>