/
  Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self' cdn.michivonah.ch blog.michivonah.ch i.ytimg.com; font-src 'self'; connect-src 'self' api.michivonah.ch; upgrade-insecure-requests
  Permissions-Policy: accelerometer=(), autoplay=(), display-capture=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
  Referrer-Policy: strict-origin
  Strict-Transport-Security: max-age=31536000; includeSubDomains
  X-Content-Type-Options: nosniff
  X-Frame-Options: DENY
  X-XSS-Protection: 1; mode=block
  Cross-Origin-Embedder-Policy: require-corp
  Cross-Origin-Opener-Policy: same-origin
  Cross-Origin-Resource-Policy: same-origin
  Access-Control-Allow-Origin: https://michivonah.ch