Move to .htaccess file for headers

public/.htaccess

@@ -0,0 +1,16 @@
+Header add Access-Control-Allow-Origin "https://www.wackomenace.co.uk"
+Header add Content-Security-Policy "default-src 'none'; connect-src 'self'; font-src 'self'; img-src 'self' data: https://cdn.masto.host; manifest-src 'self'; media-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; base-uri 'none'; form-action 'self'; frame-ancestors 'none'; report-to default"
+Header add Cross-Origin-Embedder-Policy "credentialless; report-to=\"default\""
+Header add Cross-Origin-Opener-Policy "same-origin; report-to=\"default\""
+Header add Cross-Origin-Resource-Policy "cross-origin"
+Header add NEL "{\"report_to\":\"default\",\"max_age\":31536000,\"include_subdomains\":true}"
+Header add Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), speaker-selection=(), usb=(), web-share=(), xr-spatial-tracking=()"
+Header add Referrer-Policy "strict-origin-when-cross-origin"
+Header add Report-To "{\"group\":\"default\",\"max_age\":31536000,\"endpoints\":[{\"url\":\"https://wackomenace.report-uri.com/a/d/g\"}],\"include_subdomains\":true}"
+Header add Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
+Header add X-Clacks-Overhead "GNU Kacho Arakelyan"
+Header add X-Content-Type-Options "nosniff"
+Header add X-Frame-Options "DENY"
+Header add X-XSS-Protection "1; mode=block"
+
+ErrorDocument 404 /404.html