/*
  Strict-Transport-Security : max-age=63072000; includeSubDomains; preload
  Content-Security-Policy : default-src 'none'; connect-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; form-action 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'none'
  X-Content-Type-Options : nosniff
  Referrer-Policy : no-referrer
  X-Frame-Options : DENY
  X-XSS-Protection : 0
  Permissions-Policy : accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), browsing-topics=(), camera=(), clipboard-read=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), sync-xhr=(), xr-spatial-tracking=()
  Cross-Origin-Resource-Policy : same-origin
  Cross-Origin-Embedder-Policy : require-corp
  # Cross-Origin-Opener-Policy : same-origin

/*.xml
  Content-Security-Policy : default-src 'none'; img-src 'self' data: https://www.w3.org/; style-src 'self' 'unsafe-inline'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'none'

/*.png
  Cross-Origin-Resource-Policy : cross-origin

/*.jpg
  Cross-Origin-Resource-Policy : cross-origin

/.well-known/openpgpkey/hu/*
  Access-Control-Allow-Origin: *