httpd.conf

# Requires mod_headers.
# This can also be done in a .htaccess file; your server setup
# determines where you set it
Header unset Content-Security-Policy
# Add all the CSP key/value pairs that you want; below is just default-src
Header add Content-Security-Policy "default-src 'self'"
# This adds support for older browsers that support
# X-Content-Security-Policy but not Content-Security-Policy
Header unset X-Content-Security-Policy
Header add X-Content-Security-Policy "default-src 'self'"
# This adds support for older browsers that support X-WebKit-CSP
# but not Content-Security-Policy
Header unset X-WebKit-CSP
Header add X-WebKit-CSP "default-src 'self'"
# These headers are also helpful in increasing security
Header set X-Content-Type-Options "nosniff"
Header set X-XSS-Protection "1; mode=block"
Header set X-Frame-Options "DENY"
Header set Strict-Transport-Security "max-age=31557600; includeSubDomains"
Content Security Protocol: LAMP-flavored CSP header for Content-Security-Policy
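
Added example, not part of the original snippet: a Python check that a response actually carries the headers configured above, each exactly once and with the configured value. The function names and both sample responses are constructed for illustration.

```python
# Added example: audit response headers against the httpd.conf values above.
EXPECTED = {  # values copied from the snippet on this page
    "content-security-policy": "default-src 'self'",
    "x-content-security-policy": "default-src 'self'",
    "x-webkit-csp": "default-src 'self'",
    "x-content-type-options": "nosniff",
    "x-xss-protection": "1; mode=block",
    "x-frame-options": "DENY",
    "strict-transport-security": "max-age=31557600; includeSubDomains",
}

def parse_headers(raw):
    """Return {lowercased-name: [values]} from a raw HTTP response head."""
    headers = {}
    for line in raw.replace("\r\n", "\n").split("\n")[1:]:  # skip status line
        if not line.strip():
            break  # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def normalize(value):
    """Lowercase and trim around ';' so equivalent spellings compare equal."""
    return ";".join(p.strip().lower() for p in value.split(";") if p.strip())

def audit(raw):
    """Return a sorted list of findings; an empty list means all headers match."""
    got, findings = parse_headers(raw), []
    for name, want in EXPECTED.items():
        values = got.get(name, [])
        if not values:
            findings.append(f"missing: {name}")
        elif len(values) > 1:  # e.g. application and server both set it
            findings.append(f"duplicate: {name} sent {len(values)} times")
        elif normalize(values[0]) != normalize(want):
            findings.append(f"mismatch: {name} = {values[0]!r}")
    return sorted(findings)

# Constructed sample responses (not captured from a real server).
GOOD = "HTTP/1.1 200 OK\r\n" + "".join(f"{k}: {v}\r\n" for k, v in EXPECTED.items()) + "\r\n"
BAD = ("HTTP/1.1 200 OK\r\n"
       "Content-Security-Policy: default-src 'self'\r\n"
       "content-security-policy: default-src *\r\n"  # second copy of the header
       "X-XSS-Protection: 1;mode=block\r\nX-Content-Type-Options: nosniff\r\n"
       "X-Frame-Options: SAMEORIGIN\r\n\r\n")

if __name__ == "__main__":
    print(audit(GOOD), audit(BAD), sep="\n")
```

Duplicates are reported because a browser enforces every Content-Security-Policy header it receives, so a second copy can change the effective policy.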
