chore: root commit of OWSAP security testing/tightening

Caddyfile.dev

@@ -23,6 +23,8 @@
   header {
     X-Content-Type-Options "nosniff"
     X-Frame-Options "DENY"
+    Content-Security-Policy "frame-ancestors 'none'"
+    Referrer-Policy "strict-origin-when-cross-origin"
   }
 }
 }