Sie sind hier:
https://docs.typo3.org/c/typo3/cms-core/master/en-us/Changelog/9.5.x/Feature-91354-IntegrateServerResponseSecurityChecks.html
https://docs.typo3.org/m/typo3/reference-coreapi/10.4/en-us/Security/GuidelinesAdministrators/Index.html#file-extension-handling
https://www.wacon.de/typo3-know-how/server-response-on-static-files.html
<IfModule mod_mime.c> # Security configuration RemoveType .html .htm <FilesMatch ".+\.html?$"> AddType text/html .html .htm </FilesMatch> RemoveType .svg .svgz <FilesMatch ".+\.svgz?$"> AddType image/svg+xml .svg .svgz </FilesMatch> <FilesMatch ".+\.php\.wrong"> RemoveHandler .php ForceType text/plain AddType text/plain .wrong </FilesMatch> <FilesMatch ".+\.php\.txt"> RemoveHandler .php ForceType text/plain AddType text/plain .txt </FilesMatch> ...
https://content-security-policy.com/
<IfModule mod_headers.c> Header set Content-Security-Policy "default-src 'self'; script-src 'none'; style-src 'none'; object-src 'none';" </IfModule>