3 Commits

Author SHA1 Message Date
Fraenkiman
b4af3ed362 Update plugin.fpprotect.php
Closing separation removed
2023-06-23 00:09:32 +02:00
Fraenkiman
037b33d19d The CSP directives enforce the use of HTTPS.
Some resources are now loaded independently of the source domain only via secure channels (https).
This can significantly reduce the risk and impact of cross-site scripting attacks in modern browsers.
This also offers the advantage that, for example, "old" inline scripts do not have to be rewritten outside their own domain.
2023-06-16 00:48:21 +02:00
Fraenkiman
9837c76692 Hardens FlatPress via HTTP response header
Fixes #146

Can be optionally activated by the FlatPress admin

 * Content Security Policy is an effective measure to protect your site from XSS attacks. By whitelisting sources for approved content, you can prevent the browser from loading malicious content.
 * Permissions Policy is a new header that allows a site to control which features and APIs can be used in the browser.
 * HTTP Strict Transport Security is an excellent feature to support on your site and strengthens your implementation of TLS by getting the User Agent to enforce the use of HTTPS.
 * The X-Download-Options response header instructs the browser not to open the file directly but to offer it for download first. This mitigates some potential Social Engineering attacks.
 * HTTP Strict Transport Security (HSTS for short) is a security mechanism for HTTPS connections that protects against both connection encryption downgrade attack and session hijacking.
 * The referrer policy directive determines whether, and if so which, referrer information for requests triggered by the current web page is sent by the web browser in HTTP requests.
2023-03-01 00:59:25 +01:00
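The commit messages above describe the five response headers the plugin can emit once the admin opts in. The following is an added example (not FlatPress's plugin.fpprotect.php and not the author's code) showing how such an opt-in header set is typically assembled and sent from PHP. The function names, the `$enabled` switch, the HTTPS detection and every policy value are assumptions chosen for illustration; real directive lists must be tuned to the site's actual resource origins before use.

```php
<?php
/**
 * Added example: a minimal version of the opt-in HTTP hardening headers the
 * commits above describe. This is NOT FlatPress's plugin.fpprotect.php; the
 * function names, the $enabled flag and every policy value are assumptions
 * chosen for illustration and must be tuned per site before use.
 */

declare(strict_types=1);

/**
 * Build the header set. $isHttps decides whether HSTS is emitted: browsers
 * ignore Strict-Transport-Security received over plain HTTP, so sending it
 * there only adds noise. $enabled mirrors the "optionally activated by the
 * FlatPress admin" switch.
 */
function fp_build_security_headers(bool $enabled, bool $isHttps): array
{
    if (!$enabled) {
        return []; // admin has not switched the plugin on
    }

    $headers = [
        // CSP: same-origin by default; scripts, styles and images may also
        // come from other domains, but only over https:. upgrade-insecure-requests
        // rewrites legacy http:// subresource URLs, so old markup keeps working.
        // 'unsafe-inline' for scripts is deliberately absent: add it only if the
        // site truly cannot move inline scripts out, since it weakens XSS protection.
        'Content-Security-Policy' =>
            "default-src 'self'; script-src 'self' https:; style-src 'self' https: 'unsafe-inline'; "
            . "img-src 'self' https: data:; object-src 'none'; base-uri 'self'; upgrade-insecure-requests",

        // Permissions-Policy: deny powerful browser APIs a blog never needs.
        'Permissions-Policy' => 'camera=(), microphone=(), geolocation=(), payment=()',

        // X-Download-Options: legacy IE/Edge header; do not "open" a downloaded
        // file in the site's security context, offer it for download instead.
        'X-Download-Options' => 'noopen',

        // Referrer-Policy: full referrer only to the same origin; cross-origin
        // requests get the origin only, and nothing on an HTTPS->HTTP downgrade.
        'Referrer-Policy' => 'strict-origin-when-cross-origin',
    ];

    if ($isHttps) {
        // One year, including subdomains. Only send over TLS (see above), and
        // only once every subdomain is known to serve HTTPS, or you lock them out.
        $headers['Strict-Transport-Security'] = 'max-age=31536000; includeSubDomains';
    }

    return $headers;
}

/**
 * Emit the headers. Must run before any output: header() after output is a
 * no-op with a warning, so headers_sent() is checked first.
 */
function fp_send_security_headers(bool $enabled): bool
{
    if (headers_sent()) {
        return false;
    }
    // Assumed HTTPS detection; adjust if the site sits behind a TLS-terminating proxy.
    $isHttps = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off')
        || (($_SERVER['SERVER_PORT'] ?? null) == 443);
    foreach (fp_build_security_headers($enabled, $isHttps) as $name => $value) {
        header($name . ': ' . $value);
    }
    return true;
}

// Stand-alone check from the command line: show what a TLS request would get.
if (PHP_SAPI === 'cli') {
    foreach (fp_build_security_headers(true, true) as $name => $value) {
        echo $name, ': ', $value, "\n";
    }
}
```

Running the file with `php` on the command line prints the header set a TLS request would receive; in a web context `fp_send_security_headers(true)` must be called before the first byte of output. Keeping the policy in a pure function that returns an array (rather than calling `header()` directly) makes the emitted values easy to review and unit-test, and the separate HTTPS check keeps HSTS from being advertised on a connection where the browser would discard it anyway.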