/* Strict-Transport-Security: max-age=31536000; includeSubDomains; preload X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Content-Security-Policy: default-src 'self'; img-src 'self' data:; object-src 'none'; script-src 'self' 'unsafe-eval'; style-src 'self' X-Frame-Options: SAMEORIGIN Referrer-Policy: strict-origin Feature-Policy: geolocation 'self' Cache-Control: public, max-age=31536000