Use common-debian-service-ssl wafertest.debconf.org
Use common-ssl-HSTS
+ Header always set Referrer-Policy "same-origin"
Header always set X-Content-Type-Options nosniff
Header always set X-XSS-Protection "1; mode=block"
# Header always set Access-Control-Allow-Origin: "*"