/*
  Content-Security-Policy: upgrade-insecure-requests, default-src 'none'; font-src 'self'; style-src 'self'
  X-Frame-Options: DENY
  Referrer-Policy: no-referrer
  X-Content-Type-Options: nosniff
  Cross-Origin-Resource-Policy: same-origin
  Strict-Transport-Security: max-age=31536000; includeSubDomains