We'll create fresh WordPress site with Security Header Generator installed. You have 20 minutes to test the plugin after that site we'll be deleted.
This plugin generates the proper security HTTP response headers, attempts to generate a valid Content Security Policy, and sets browser permissions if configured.