1) Added ALLOWED_HOSTS list to limit the host address. 2) Added CSP and HSTS security header. 3) Hide the webserver/ development framework version. Fixes #5919