diff --git a/headers/production b/headers/production
index 3824b52..a5df114 100644
--- a/headers/production
+++ b/headers/production
@@ -1,23 +1,24 @@
-# disable FLoC tracking
-Permissions-Policy: interest-cohort=()
-# enable HSTS
-Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
-# disable clients from sniffing the media type
-X-Content-Type-Options: nosniff
-# clickjacking protection
-X-Frame-Options: DENY
-# keep referrer data off of HTTP connections
-Referrer-Policy: no-referrer
-# content security policy
-# style-src 'unsafe-inline': syntax highlighting in codefences
-# sandbox allow-popups: enable target="_blank" links to open in new tabs
-Content-Security-Policy: default-src 'none';
-Content-Security-Policy: img-src 'self' https://mat.services https://stats.mat.services;
-Content-Security-Policy: style-src 'self' https://mat.services 'unsafe-inline';
-Content-Security-Policy: font-src 'self' https://mat.services;
-Content-Security-Policy: script-src 'self' https://mat.services https://stats.mat.services;
-Content-Security-Policy: form-action 'none';
-Content-Security-Policy: frame-ancestors 'none';
-Content-Security-Policy: base-uri 'none';
-Content-Security-Policy: upgrade-insecure-requests;
-Content-Security-Policy: sandbox allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox;
+/*
+ # disable FLoC tracking
+ Permissions-Policy: interest-cohort=()
+ # enable HSTS
+ Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
+ # disable clients from sniffing the media type
+ X-Content-Type-Options: nosniff
+ # clickjacking protection
+ X-Frame-Options: DENY
+ # keep referrer data off of HTTP connections
+ Referrer-Policy: no-referrer
+ # content security policy
+ # style-src 'unsafe-inline': syntax highlighting in codefences
+ # sandbox allow-popups: enable target="_blank" links to open in new tabs
+ Content-Security-Policy: default-src 'none';
+ Content-Security-Policy: img-src 'self' https://mat.services https://stats.mat.services;
+ Content-Security-Policy: style-src 'self' https://mat.services 'unsafe-inline';
+ Content-Security-Policy: font-src 'self' https://mat.services;
+ Content-Security-Policy: script-src 'self' https://mat.services https://stats.mat.services;
+ Content-Security-Policy: form-action 'none';
+ Content-Security-Policy: frame-ancestors 'none';
+ Content-Security-Policy: base-uri 'none';
+ Content-Security-Policy: upgrade-insecure-requests;
+ Content-Security-Policy: sandbox allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox;
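Review bot: Each `Content-Security-Policy:` line under the new `/*` block is still delivered as its own policy, and browsers enforce every CSP policy they receive independently (a comma-joined header value is parsed as separate policies too), so the standalone `default-src 'none'` policy by itself refuses the images, styles, fonts and scripts that the following `img-src`, `style-src`, `font-src` and `script-src` lines are meant to allow; the commit re-indents the file but keeps that split. This only fails to bite if the hosting platform merges repeated header lines into one semicolon-separated value, which nothing on the page shows, so the actual response headers should be checked in the browser's network panel. The fix is one header line with the directives joined by semicolons: `Content-Security-Policy: default-src 'none'; img-src 'self' https://mat.services https://stats.mat.services; style-src 'self' https://mat.services 'unsafe-inline'; font-src 'self' https://mat.services; script-src 'self' https://mat.services https://stats.mat.services; form-action 'none'; frame-ancestors 'none'; base-uri 'none'; upgrade-insecure-requests; sandbox allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox`. Separately, `sandbox allow-same-origin allow-scripts` together appears to let the page's own scripts run with the page's full origin, which leaves little of the sandbox restriction in effect, so a comment next to the existing `# sandbox allow-popups` note stating what the sandbox directive is expected to achieve would help the next reader.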