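// Content-Security-Policy value sent with this response. Only frame-src is
// active: it restricts what this page may load into frames to its own origin
// and primitivi.org (apex and subdomains).
//
// CSP keywords are quoted one by one, so 'self' has to be closed before the
// host sources. Wrapping the whole list in a single pair of quotes turns
// 'self and the trailing primitivi.org' into invalid source expressions that
// browsers ignore, which silently drops same-origin and apex framing.
$security_policy = "frame-src 'self' *.primitivi.org primitivi.org; ";

// Disabled draft of a fuller policy, kept for reference.
// NOTE(review): the first line assigns with "=" and would replace the frame-src
// directive above if re-enabled as-is; the script-src/style-src lines allow
// 'unsafe-inline', which removes most of CSP's protection against injected
// inline script and style.
//$security_policy = "default-src 'self'; ";
//$security_policy .= "connect-src 'self'; ";
//$security_policy .= "script-src 'self' 'unsafe-inline'; ";
//$security_policy .= "object-src 'self'; ";
//$security_policy .= "style-src 'self' data: 'unsafe-inline'; ";
//$security_policy .= "media-src 'self'; ";
//$security_policy .= "font-src 'self' data:; ";
//$security_policy .= "img-src 'self' data: https://*.wp.com https://wordpress.org https://ps.w.org https://*.gravatar.com";

// Caching and content negotiation. The second argument (false) appends the
// header instead of replacing an existing one of the same name.
// NOTE(review): "public" allows shared caches to store the response; confirm
// this code never runs for authenticated or per-user pages.
header( 'Cache-Control: public', false );
header( 'Cache-Control: no-transform', false );
header( 'Vary: Accept-Encoding', false );

// HSTS for two years, covering subdomains, with the preload flag.
// NOTE(review): includeSubDomains + preload require every subdomain to serve
// HTTPS, and removal from browser preload lists is slow.
header( 'Strict-Transport-Security: max-age=63072000; includeSubDomains; preload' );
header( 'Referrer-Policy: strict-origin-when-cross-origin' );

// Controls who may frame THIS page. frame-src in the CSP above governs the
// opposite direction (what this page embeds); the policy sets no
// frame-ancestors directive, so X-Frame-Options is the only framing control.
header( 'X-Frame-Options: SAMEORIGIN' );

// The standard CSP header, followed by the two legacy vendor-prefixed names.
// NOTE(review): the prefixed headers are only read by long-obsolete browsers.
header( 'Content-Security-Policy: ' . $security_policy );
header( 'X-Content-Security-Policy: ' . $security_policy );
header( 'X-WebKit-CSP: ' . $security_policy );

header( 'X-Content-Type-Options: nosniff' );

// NOTE(review): the browser XSS auditor this header configured has been
// removed from current browsers; current guidance is "X-XSS-Protection: 0" or
// omitting the header and relying on a script-src policy instead.
header( 'X-XSS-Protection: 1; mode=block' );

// NOTE(review): Expect-CT is deprecated; Certificate Transparency is enforced
// by browsers without it.
header('Expect-CT: enforce,max-age=43200');

// Drop headers set earlier in this request by PHP or the application.
// Removing X-Powered-By avoids advertising the PHP version.
header_remove( 'Pragma' );
header_remove( 'Last-Modified' );
header_remove( 'X-Powered-By' );
header_remove( 'ETag' );
header_remove( 'Link' );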