# en-tête HTTP "Content-Security-Policy" (CSP)
<IfModule mod_headers.c>
Header set Content-Security-Policy "base-uri 'self'; object-src 'none';  script-src 'self' https://mon-serveur-annexe.tld"
</IfModule>