z2z/.htaccess

## .htaccess
# Extra Security Headers
<IfModule mod_headers.c>
  Header unset Server
	Header set X-XSS-Protection "1; mode=block"
	# Header always append X-Frame-Options SAMEORIGIN
	Header set Strict-Transport-Security "max-age=10886400; includeSubDomains; preload"
	Header set X-Content-Type-Options nosniff
	Header set Referrer-Policy: no-referrer-when-downgrade
	Header always set Feature-Policy "microphone 'none'; payment 'none'; sync-xhr 'self' https://yourdomainname.com"
</IfModule>
	# Extra Security Headers
	<IfModule mod_headers.c>
	Header unset Server
	Header set X-XSS-Protection "1; mode=block"
	# Header always append X-Frame-Options SAMEORIGIN
	Header set Strict-Transport-Security "max-age=10886400; includeSubDomains; preload"
	Header set X-Content-Type-Options nosniff
	Header set Referrer-Policy: no-referrer-when-downgrade
	Header always set Feature-Policy "microphone 'none'; payment 'none'; sync-xhr 'self' https://yourdomainname.com"
	</IfModule>