/*
  X-Frame-Options: DENY
  X-XSS-Protection: 1; mode=block
  # Prevent browsers from incorrectly detecting non-scripts as scripts
  X-Content-Type-Options: nosniff
  # Don't load any resource type not explicitly enabled
  # Disable plugins like Flash or Silverlight
  # Load images, scripts, stylesheets and fonts from self
  # Send reports to report-uri.io
  # Content-Security-Policy: default-src 'self' everywhere-8a59.kxcdn.com; object-src 'none'; img-src https: app.codesponsor.io www.google.com; script-src https: www.google-analytics.com ajax.googleapis.com platform.twitter.com buttons.github.io; style-src https: ; font-src https: ; report-uri https://frontendchecklist.report-uri.io/r/default/csp/enforce;