Add these lines to the httpd.conf configuration files, either inside your virtualhost sections or inside your .htaccess files:
Header unset Content-Security-Policy Header add Content-Security-Policy "default-src 'self'" Header unset X-Content-Security-Policy Header add X-Content-Security-Policy "default-src 'self'" Header unset X-WebKit-CSP Header add X-WebKit-CSP "default-src 'self'"
You may also be interested in adding these headers:
Header set X-Content-Type-Options "nosniff" Header set X-XSS-Protection "1; mode=block" Header set X-Frame-Options "DENY" Header set Strict-Transport-Security "max-age=631138519; includeSubDomains"
You need to enable (LoadModule) mod_headers if it is not already enabled and then restart apache.
dAm2K source share