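# Security response headers, attached to responses by mod_setenv.
server.modules += ( "mod_setenv" )

# NOTE(review): add-response-header appends. If a backend or another config
# block emits the same header, the client receives duplicates. On
# lighttpd >= 1.4.46, setenv.set-response-header overwrites instead; confirm
# the deployed version before switching.
# NOTE(review): Strict-Transport-Security is not set here. If the site is
# served over TLS, add it inside the HTTPS-only scope rather than globally.
setenv.add-response-header = (
    # Restrict every resource type to the site's own origin, except images,
    # which may load from any https: source.
    # frame-ancestors 'self' is the CSP counterpart of X-Frame-Options below;
    # browsers that support it use it in preference to the legacy header.
    # NOTE(review): object-src 'self' still permits plugin content from this
    # origin; tighten to 'none' if the site embeds no <object>/<embed>.
    # NOTE(review): base-uri and form-action do not inherit from default-src;
    # consider adding "base-uri 'self'; form-action 'self'" once it is
    # confirmed that no form posts to another origin.
    "Content-Security-Policy" => "default-src 'self'; img-src https:; object-src 'self'; script-src 'self'; style-src 'self'; frame-ancestors 'self'",
    # Never send a Referer header on outbound navigations or subresource loads.
    "Referrer-Policy" => "no-referrer",
    # Disable MIME sniffing so responses are handled only as their declared type.
    "X-Content-Type-Options" => "nosniff",
    # Legacy clickjacking control, kept for browsers without frame-ancestors.
    "X-Frame-Options" => "SAMEORIGIN",
    # Deny Flash/Acrobat cross-domain policy files.
    "X-Permitted-Cross-Domain-Policies" => "none",
    # Was "1; mode=block". The legacy XSS auditor has been removed from current
    # browsers, and where it still exists it can be abused to suppress scripts
    # selectively or leak page state. Current guidance is to disable it
    # explicitly and rely on the Content-Security-Policy above.
    "X-XSS-Protection" => "0",
)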