/// <summary>
 /// Add default headers in accordance with the most secure approach
 /// </summary>
 public static HeaderPolicyCollection AddDefaultSecurityHeaders(this HeaderPolicyCollection policies)
 {
     policies.AddFrameOptionsDeny();
     policies.AddXssProtectionBlock();
     policies.AddContentTypeOptionsNoSniff();
     policies.AddStrictTransportSecurityMaxAge();
     policies.AddReferrerPolicyOriginWhenCrossOrigin();
     policies.RemoveServerHeader();
     return(policies);
 }