Make content-security-header (CSP) #77
Description
a vulnerability that was discovered during penetration-testing:
"Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header."
protect against: 'ClickJacking' attacks and XSS (cross site scripting)
possible fix: https://blog.sucuri.net/2021/10/how-to-set-up-a-content-security-policy-csp-in-3-steps.html