/* X-Frame-Options: DENY X-Content-Type-Options: nosniff Permissions-Policy: document-domain=() Content-Security-Policy: default-src 'self'; script-src 'self' static.cloudflareinsights.com 'unsafe-inline'; connect-src 'self' cloudflareinsights.com 'unsafe-inline'; frame-ancestors 'none';