/*
  Strict-Transport-Security:  max-age=63072000; includeSubDomains; preload
  Content-Security-Policy:    default-src 'self' data: https://kitsu.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.ravenjs.com https://www.googletagmanager.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src https:; media-src https:; frame-src 'none'; font-src https:
  X-Frame-Options:            SAMEORIGIN
  X-Xss-Protection:           1; mode=block
  X-Content-Type-Options:     nosniff
  Referrer-Policy:            strict-origin-when-cross-origin
