Header set X-Content-Type-Options "nosniff" Header set Referrer-Policy "strict-origin-when-cross-origin" Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains" Header set Permissions-Policy "geolocation=(), microphone=(), camera=(), payment=(), usb=()" Header set Content-Security-Policy "default-src 'self'; base-uri 'self'; connect-src 'self' https://blog.sillylaird.ca; frame-src 'self' https://guestbook.sillylaird.ca https://changelog.sillylaird.ca https://www.youtube.com https://www.msn.com; img-src 'self' https: data:; media-src 'self' https://uploads.sillylaird.ca; script-src 'self'; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; form-action 'self' https://www.google.com https://www.google.ca; object-src 'none'"