<IfModule mod_headers.c>
Header set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
Header set Referrer-Policy "same-origin"
Header set X-XSS-Protection "1; mode=block"
Header set x-frame-options "SAMEORIGIN"
Header set X-Content-Type-Options "nosniff"
Header set Content-Security-Policy "default-src https: 'unsafe-inline' 'unsafe-eval' ;img-src http: https: * data: ;font-src http: https: * data:"
Header set Permissions-Policy "accelerometer=(), autoplay=(), cross-origin-isolated=(self), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(self), midi=(),  payment=(self), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(self), usb=(self), web-share=(), xr-spatial-tracking=(self)"
</IfModule>