ServerName jeditable.elabftw.net ServerAdmin webmaster@localhost DocumentRoot /var/www/html/demos ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined Header always set Strict-Transport-Security "max-age=63072000" Header always set X-xss-protection "0" Header always set X-content-type-options "nosniff" Header always set Content-Security-Policy "default-src 'self' data:; script-src 'self' https://ajax.googleapis.com https://code.jquery.com; connect-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline' https://code.jquery.com https://maxcdn.bootstrapcdn.com https://use.fontawesome.com; font-src 'self' data: https://use.fontawesome.com https://maxcdn.bootstrapcdn.com; object-src 'self'; base-uri 'none'; frame-ancestors 'none'" Header always set Referrer-policy "no-referrer" Header always set Feature-policy "autoplay 'none'; camera 'none'; document-domain 'none'; encrypted-media 'none'; fullscreen 'self'; geolocation 'none'; microphone 'none'; midi 'none'; payment 'none'; vr 'none'"