/*
  # disable FLoC tracking
  Permissions-Policy: interest-cohort=()
  # enable HSTS
  Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
  # disable clients from sniffing the media type
  X-Content-Type-Options: nosniff
  # clickjacking protection
  X-Frame-Options: DENY
  # keep referrer data off of HTTP connections
  Referrer-Policy: no-referrer
  # content security policy
  # style-src 'unsafe-inline': syntax highlighting in codefences
  # sandbox allow-popups: enable target="_blank" links to open in new tabs
  Content-Security-Policy: default-src 'none'; img-src 'self' https://mat.services https://stats.mat.services; style-src 'self' https://mat.services 'unsafe-inline'; font-src 'self' https://mat.services; script-src 'self' https://mat.services https://stats.mat.services; form-action 'none'; frame-ancestors 'none'; base-uri 'none'; upgrade-insecure-requests; sandbox allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox