Add these line below to .htaccess file
<IfModule mod_headers.c>
# Disable content sniffing, since it's an attack vector.
Header always set X-Content-Type-Options nosniff
Header always set Content-Security-Policy "frame-ancestors 'self'"
</IfModule>