Untitled

Content-Security-Policy: img-src 'self' data: https:; script-src * 'unsafe-inline' 'unsafe-eval' data: blob: https:; object-src * data: https:; worker-src * data: blob: https:;
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff