Configure Exchange Server 2019 Security Header Policy

Content-Security-Policy                       default-src ‘none’; base-uri ‘self’; frame-ancestors ‘none’; form-action ‘self’;
X-Content-Type-Options                     nosniff
Referrer-Policy                                      strict-origin-when-cross-origin
X-Frame-Options                                  DENY