Strict-Transport-Security: max-age=31536000; Content-Security-Policy: default-src 'self' X-Content-Type-Options: nosniff