_headers

/*
Link: </css/styles/index.min.css>; rel=preload; as=stylesheet
Link: </css/js/index.min.js>; rel=preload; as=script
Link: </css/img/icons.svg>; rel=preload; as=image
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: default-src 'self';img-src * blob:;script-src 'self' https://cdn.polyfill.io https://gist.github.com https://production-assets.codepen.io https://codepen.io/ https://*.disqus.com/embed.js https://disqus.com/ https://c.disquscdn.com/ https://www.googletagmanager.com https://www.google-analytics.com/analytics.js pagead2.googlesyndication.com https://adservice.google.com/ 'sha256-uv9ihhWV1/99Lna4PlyzJ4Ji2ofiXKU9ak+GUXMN0gw=' 'sha256-YCSlybv0BJeWnGWF8JCyQMs1TUOxVjFyr5upfHiDysc=' 'sha256-YmEu57ZRfDpDDhMApyHsyE3PA6DSf2V+9bIVooFPFHw=';style-src 'self' 'unsafe-inline' https://assets-cdn.github.com https://www.youtube.com https://c.disquscdn.com;	connect-src * wss://realtime.services.disqus.com https://disqus.com;font-src 'self';media-src *;child-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://disqus.com;report-uri https://superuser.report-uri.com/r/d/csp/enforce;block-all-mixed-content;upgrade-insecure-requests;disown-opener;reflected-xss block;manifest-src 'self';form-action 'self';