Merge remote-tracking branch 'origin/update-response-headers'

Author: attilaantal

web.config

@@ -256,9 +256,15 @@
                 </rule>
             </rules>
         </rewrite>
-    	<httpProtocol>
+      	<httpProtocol>
             <customHeaders>
                 <add name="Cache-Control" value="no-cache" />
+                <add name="Content-Security-Policy" value="frame-ancestors 'self'; upgrade-insecure-requests" />
+                <add name="Referrer-Policy" value="strict-origin-when-cross-origin" />
+                <add name="Strict-Transport-Security" value="max-age=31536000; includeSubDomains" />
+                <add name="X-Content-Type-Options" value="nosniff" />
+                <add name="X-Frame-Options" value="SAMEORIGIN" />
+                <add name="X-XSS-Protection" value="1; mode=block" />
             </customHeaders>
         </httpProtocol>
         <staticContent>