Checking HTTP headers
https://securityheaders.com/
The header rewrite I'm currently using is below.
File: /etc/httpd/conf.modules.d/01-header.conf
LoadModule headers_module modules/mod_headers.so
<IfModule headers_module>
# "always" also applies the header to error responses (4xx/5xx).
Header always set Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: ;"
# Legacy prefixed name kept for old Firefox builds; current browsers only read Content-Security-Policy.
Header always set X-Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: ;"
# Disable validation-based caching (no ETag, no conditional requests, no stored copies).
FileETag None
RequestHeader unset If-Modified-Since
Header set Cache-Control no-store
# Drop a client-supplied Proxy header before CGI/FastCGI turns it into HTTP_PROXY (httpoxy).
RequestHeader unset Proxy early
# Policy tokens are case-sensitive; "same-Origin" would be ignored by browsers.
Header always set Referrer-Policy "same-origin"
Header always set Permissions-Policy "geolocation=();midi=();microphone=();camera=();fullscreen=(self);payment=()"
Header always unset "X-Powered-By"
# Deprecated header; current browsers ignore it and rely on CSP instead.
Header set X-XSS-Protection "1; mode=block"
Header set X-Content-Type-Options nosniff
# Rewriting Server via mod_headers is not reliable across httpd versions; ServerTokens Prod is the documented way to trim the banner.
Header always set Server Others
# "set" rather than "append": a multi-valued X-Frame-Options (e.g. "DENY, SAMEORIGIN") is invalid and browsers discard it.
Header set X-Frame-Options SAMEORIGIN
</IfModule>
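The site linked at the top checks a live server, but the same review can be done offline against a captured response. The script below is an added example (not part of the original note, and unrelated to securityheaders.com): it parses a raw HTTP response head and flags the kinds of mistakes the config above is prone to, namely a mis-cased Referrer-Policy token, a multi-valued X-Frame-Options produced by `append`, and a script-src that still permits 'unsafe-inline' and 'unsafe-eval'. The sample response is constructed, not a real capture.

```python
from __future__ import annotations

# Referrer-Policy tokens; browsers compare them case-sensitively, so a value
# such as "same-Origin" is not recognised and the header is silently ignored.
REFERRER_POLICIES = {
    "no-referrer", "no-referrer-when-downgrade", "same-origin", "origin",
    "strict-origin", "origin-when-cross-origin",
    "strict-origin-when-cross-origin", "unsafe-url",
}


def parse_headers(raw: str) -> dict[str, list[str]]:
    """Parse the head of a raw HTTP response into {lowercased-name: [values]}.
    Values are kept in a list because a header may legitimately repeat."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers: dict[str, list[str]] = {}
    for line in head.split("\r\n")[1:]:  # [0] is the status line
        if ":" not in line:
            continue
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def csp_sources(policy: str, directive: str) -> list[str] | None:
    """Return the source list for a CSP fetch directive, falling back to
    default-src as browsers do, or None if neither is present."""
    directives: dict[str, list[str]] = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    if directive in directives:
        return directives[directive]
    return directives.get("default-src")


def check_security_headers(raw: str) -> dict[str, str]:
    """Run the checks and return {check_name: "ok" | finding text}."""
    h = parse_headers(raw)
    out: dict[str, str] = {}

    csp = h.get("content-security-policy")
    if not csp:
        out["content-security-policy"] = "missing"
    else:
        scripts = csp_sources(csp[0], "script-src") or []
        weak = [s for s in scripts if s in ("'unsafe-inline'", "'unsafe-eval'")]
        out["content-security-policy"] = (
            "weak: script-src allows " + ", ".join(weak) if weak else "ok"
        )

    rp = h.get("referrer-policy")
    if not rp:
        out["referrer-policy"] = "missing"
    else:
        # The value is a comma-separated list; the last recognised token wins.
        tokens = [t.strip() for t in rp[-1].split(",")]
        valid = [t for t in tokens if t in REFERRER_POLICIES]
        out["referrer-policy"] = (
            "ok" if valid else f"invalid: no recognised token in {tokens!r}"
        )

    xfo = h.get("x-frame-options")
    if not xfo:
        out["x-frame-options"] = "missing"
    else:
        values = [v.strip().upper() for val in xfo for v in val.split(",")]
        if len(values) != 1:
            out["x-frame-options"] = f"ambiguous: multiple values {values!r}"
        elif values[0] not in ("DENY", "SAMEORIGIN"):
            out["x-frame-options"] = f"invalid: {values[0]!r}"
        else:
            out["x-frame-options"] = "ok"

    xcto = h.get("x-content-type-options", [])
    out["x-content-type-options"] = (
        "ok" if any(v.lower() == "nosniff" for v in xcto) else "missing"
    )

    out["permissions-policy"] = "ok" if "permissions-policy" in h else "missing"

    # Information leak: X-Powered-By should have been unset.
    out["x-powered-by"] = (
        "leak: " + h["x-powered-by"][0] if "x-powered-by" in h else "ok"
    )
    return out


# Constructed sample (not a real capture): what the config in this note would
# emit with the "same-Origin" typo and an appended X-Frame-Options value.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'\r\n"
    "Referrer-Policy: same-Origin\r\n"
    "Permissions-Policy: geolocation=();camera=()\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "X-Frame-Options: DENY, SAMEORIGIN\r\n"
    "\r\n"
    "<html></html>"
)

if __name__ == "__main__":
    for check, result in check_security_headers(SAMPLE_RESPONSE).items():
        print(f"{check:28} {result}")
```

Feed it the output of a saved `curl -i` response and compare the findings before and after a config change; the script reads the response head only, so the body can be left in place.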
Content-Security-Policy is a strict setting, so be careful when adding it!
Be sure to verify the result in a browser.