/*
  Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
  X-Frame-Options: DENY
  X-XSS-Protection: 1; mode=block
  Referrer-Policy: no-referrer
  X-Content-Type-Options: nosniff
  Access-Control-Allow-Origin: https://oe7drt.at
  # Access-Control-Allow-Origin: https://oe7drt.at https://api.staticman.net
  # Access-Control-Allow-Origin: "*"
  # Content-Security-Policy: default-src 'none'; object-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; font-src 'self';