From a8d81183849fab56b3a3c189661b842a707cba62 Mon Sep 17 00:00:00 2001
From: Katriel Cohn-Gordon <me@katriel.co.uk>
Date: Fri, 10 Sep 2021 16:44:19 +0100
Subject: [PATCH 01/21] remove noscript

---
 index.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/index.html b/index.html
index bac68cb..3ee5f5a 100644
--- a/index.html
+++ b/index.html
@@ -50,7 +50,7 @@
 
     <link type="text/css" rel="stylesheet" href="https://fonts.googleapis.com/css?family=Lato:300italic,700italic,300,700" />
     <!-- AMP boilerplate -->
-    <style amp-boilerplate>body{-webkit-animation:-amp-start 8s steps(1,end) 0s 1 normal both;-moz-animation:-amp-start 8s steps(1,end) 0s 1 normal both;-ms-animation:-amp-start 8s steps(1,end) 0s 1 normal both;animation:-amp-start 8s steps(1,end) 0s 1 normal both}@-webkit-keyframes -amp-start{from{visibility:hidden}to{visibility:visible}}@-moz-keyframes -amp-start{from{visibility:hidden}to{visibility:visible}}@-ms-keyframes -amp-start{from{visibility:hidden}to{visibility:visible}}@-o-keyframes -amp-start{from{visibility:hidden}to{visibility:visible}}@keyframes -amp-start{from{visibility:hidden}to{visibility:visible}}</style><noscript><style amp-boilerplate>body{-webkit-animation:none;-moz-animation:none;-ms-animation:none;animation:none}</style></noscript>
+    <style amp-boilerplate>body{-webkit-animation:-amp-start 8s steps(1,end) 0s 1 normal both;-moz-animation:-amp-start 8s steps(1,end) 0s 1 normal both;-ms-animation:-amp-start 8s steps(1,end) 0s 1 normal both;animation:-amp-start 8s steps(1,end) 0s 1 normal both}@-webkit-keyframes -amp-start{from{visibility:hidden}to{visibility:visible}}@-moz-keyframes -amp-start{from{visibility:hidden}to{visibility:visible}}@-ms-keyframes -amp-start{from{visibility:hidden}to{visibility:visible}}@-o-keyframes -amp-start{from{visibility:hidden}to{visibility:visible}}@keyframes -amp-start{from{visibility:hidden}to{visibility:visible}}</style>
 
     <!-- stylesheets inline for Reasons -->
     <style amp-custom>

From da55a95395c32b0a18bd3455e4327a2a34103446 Mon Sep 17 00:00:00 2001
From: Katriel Cohn-Gordon <katriel@fb.com>
Date: Mon, 20 Sep 2021 11:59:07 +0100
Subject: [PATCH 02/21] csp headers to netlify

---
 netlify.toml | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 netlify.toml

diff --git a/netlify.toml b/netlify.toml
new file mode 100644
index 0000000..b925211
--- /dev/null
+++ b/netlify.toml
@@ -0,0 +1,28 @@
+[[headers]]
+  for = "/*"
+  [headers.values]
+    Report-To = '''{
+        "group":"default",
+        "max_age":31536000,
+        "endpoints":[{"url":"https://katriel.report-uri.com/a/d/g"}],
+        "include_subdomains":true
+    }'''
+    NEL = '''{
+        "report_to":"default",
+        "max_age":31536000,
+        "include_subdomains":true
+    }'''
+    Content-Security-Policy-Report-Only = '''
+    default-src 'self';
+    script-src 'report-sample' 'self';
+    style-src 'report-sample' 'self' https://fonts.googleapis.com;
+    object-src 'none';
+    base-uri 'self';
+    connect-src 'self';
+    font-src 'self' https://fonts.gstatic.com;
+    frame-src 'self';
+    img-src 'self' https://d33wubrfki0l68.cloudfront.net;
+    manifest-src 'self';
+    media-src 'self';
+    report-uri https://katriel.report-uri.com/r/d/csp/reportOnly;
+    worker-src 'none';'''

From 6b1fa1c08aa68bffef2e2e640276ad5aa4858144 Mon Sep 17 00:00:00 2001
From: Katriel Cohn-Gordon <katriel@fb.com>
Date: Mon, 20 Sep 2021 12:07:36 +0100
Subject: [PATCH 03/21] remove google analytics

---
 index.html | 16 ----------------
 1 file changed, 16 deletions(-)

diff --git a/index.html b/index.html
index 3ee5f5a..3b21dbd 100644
--- a/index.html
+++ b/index.html
@@ -401,25 +401,9 @@
     <![endif]-->
 
     <!-- We're already AMP so let's support it for the little lightning bolt -->
-    <script async type="text/javascript" custom-element="amp-analytics" src="https://cdn.ampproject.org/v0/amp-analytics-0.1.js"></script>
     <script async type="text/javascript" src="https://cdn.ampproject.org/v0.js"></script>
   </head>
   <body>
-    <amp-analytics type="googleanalytics">
-    <script type="application/json">
-        {
-          "vars": {
-            "account": "UA-829940-1"
-          },
-          "triggers": {
-              "trackPageview": {
-                "on": "visible",
-                "request": "pageview"
-              }
-          }
-        }
-    </script>
-    </amp-analytics>
     <div class="wrapper">
       <header>
         <h1>katriel cohn-gordon</h1>

From d319e9e47b4ee7247682ad7ac81977a052a3dd9f Mon Sep 17 00:00:00 2001
From: Katriel Cohn-Gordon <katriel@fb.com>
Date: Mon, 20 Sep 2021 12:03:21 +0100
Subject: [PATCH 04/21] csp report uri

---
 netlify.toml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/netlify.toml b/netlify.toml
index b925211..30f7917 100644
--- a/netlify.toml
+++ b/netlify.toml
@@ -21,8 +21,9 @@
     connect-src 'self';
     font-src 'self' https://fonts.gstatic.com;
     frame-src 'self';
-    img-src 'self' https://d33wubrfki0l68.cloudfront.net;
+    img-src 'self' https://*.cloudfront.net;
     manifest-src 'self';
     media-src 'self';
     report-uri https://katriel.report-uri.com/r/d/csp/reportOnly;
+    report-to report-uri;
     worker-src 'none';'''

From 3c9ec789c6c4dc08cea3e3647c12000ce2441c17 Mon Sep 17 00:00:00 2001
From: Katriel Cohn-Gordon <katriel@fb.com>
Date: Mon, 20 Sep 2021 12:11:41 +0100
Subject: [PATCH 05/21] add amp

---
 netlify.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/netlify.toml b/netlify.toml
index 30f7917..b8c1a16 100644
--- a/netlify.toml
+++ b/netlify.toml
@@ -14,7 +14,7 @@
     }'''
     Content-Security-Policy-Report-Only = '''
     default-src 'self';
-    script-src 'report-sample' 'self';
+    script-src 'report-sample' 'self' https://cdn.ampproject.org;
     style-src 'report-sample' 'self' https://fonts.googleapis.com;
     object-src 'none';
     base-uri 'self';

From 63818d614f4a21b1eefb4e1d0a9cb0e5d5ca3b31 Mon Sep 17 00:00:00 2001
From: Katriel Cohn-Gordon <katriel@fb.com>
Date: Mon, 20 Sep 2021 15:20:02 +0100
Subject: [PATCH 06/21] add more options

---
 netlify.toml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/netlify.toml b/netlify.toml
index b8c1a16..a2f5550 100644
--- a/netlify.toml
+++ b/netlify.toml
@@ -7,11 +7,13 @@
         "endpoints":[{"url":"https://katriel.report-uri.com/a/d/g"}],
         "include_subdomains":true
     }'''
+    
     NEL = '''{
         "report_to":"default",
         "max_age":31536000,
         "include_subdomains":true
     }'''
+    
     Content-Security-Policy-Report-Only = '''
     default-src 'self';
     script-src 'report-sample' 'self' https://cdn.ampproject.org;
@@ -20,6 +22,7 @@
     base-uri 'self';
     connect-src 'self';
     font-src 'self' https://fonts.gstatic.com;
+    frame-ancestors 'none';
     frame-src 'self';
     img-src 'self' https://*.cloudfront.net;
     manifest-src 'self';
@@ -27,3 +30,7 @@
     report-uri https://katriel.report-uri.com/r/d/csp/reportOnly;
     report-to report-uri;
     worker-src 'none';'''
+    
+    X-Content-Type-Options = 'nosniff'
+    X-Frame-Options: DENY;
+    X-XSS-Protection: '''1; mode=block'''
\ No newline at end of file

From e2fafe89987e65cffb73c8afa914d846a738b7e2 Mon Sep 17 00:00:00 2001
From: Katriel Cohn-Gordon <katriel@fb.com>
Date: Mon, 20 Sep 2021 15:20:51 +0100
Subject: [PATCH 07/21] oopsie

---
 netlify.toml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/netlify.toml b/netlify.toml
index a2f5550..18df533 100644
--- a/netlify.toml
+++ b/netlify.toml
@@ -32,5 +32,5 @@
     worker-src 'none';'''
     
     X-Content-Type-Options = 'nosniff'
-    X-Frame-Options: DENY;
-    X-XSS-Protection: '''1; mode=block'''
\ No newline at end of file
+    X-Frame-Options = DENY;
+    X-XSS-Protection = '''1; mode=block'''
\ No newline at end of file

From e7d1bbd888c187a954199caf243c0d1141ab00e6 Mon Sep 17 00:00:00 2001
From: Katriel Cohn-Gordon <katriel@fb.com>
Date: Mon, 20 Sep 2021 15:21:16 +0100
Subject: [PATCH 08/21] oopsie 2

---
 netlify.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/netlify.toml b/netlify.toml
index 18df533..16eb0fb 100644
--- a/netlify.toml
+++ b/netlify.toml
@@ -32,5 +32,5 @@
     worker-src 'none';'''
     
     X-Content-Type-Options = 'nosniff'
-    X-Frame-Options = DENY;
+    X-Frame-Options = 'DENY';
     X-XSS-Protection = '''1; mode=block'''
\ No newline at end of file

From e120246cc3e807cbab7888e7874cbe1d22321c30 Mon Sep 17 00:00:00 2001
From: Katriel Cohn-Gordon <katriel@fb.com>
Date: Mon, 20 Sep 2021 15:22:03 +0100
Subject: [PATCH 09/21] oopsie 4

---
 netlify.toml | 33 +++++++++++++++++----------------
 1 file changed, 17 insertions(+), 16 deletions(-)

diff --git a/netlify.toml b/netlify.toml
index 16eb0fb..c3f3486 100644
--- a/netlify.toml
+++ b/netlify.toml
@@ -15,22 +15,23 @@
     }'''
     
     Content-Security-Policy-Report-Only = '''
-    default-src 'self';
-    script-src 'report-sample' 'self' https://cdn.ampproject.org;
-    style-src 'report-sample' 'self' https://fonts.googleapis.com;
-    object-src 'none';
-    base-uri 'self';
-    connect-src 'self';
-    font-src 'self' https://fonts.gstatic.com;
-    frame-ancestors 'none';
-    frame-src 'self';
-    img-src 'self' https://*.cloudfront.net;
-    manifest-src 'self';
-    media-src 'self';
-    report-uri https://katriel.report-uri.com/r/d/csp/reportOnly;
-    report-to report-uri;
-    worker-src 'none';'''
+      default-src 'self';
+      script-src 'report-sample' 'self' https://cdn.ampproject.org;
+      style-src 'report-sample' 'self' https://fonts.googleapis.com;
+      object-src 'none';
+      base-uri 'self';
+      connect-src 'self';
+      font-src 'self' https://fonts.gstatic.com;
+      frame-ancestors 'none';
+      frame-src 'self';
+      img-src 'self' https://*.cloudfront.net;
+      manifest-src 'self';
+      media-src 'self';
+      report-uri https://katriel.report-uri.com/r/d/csp/reportOnly;
+      report-to report-uri;
+      worker-src 'none';'''
     
     X-Content-Type-Options = 'nosniff'
     X-Frame-Options = 'DENY';
-    X-XSS-Protection = '''1; mode=block'''
\ No newline at end of file
+    X-XSS-Protection = '''1
+      mode='block''''
\ No newline at end of file

From 1e0704add906ea57ff08f3107af696e45ed094a8 Mon Sep 17 00:00:00 2001
From: Katriel Cohn-Gordon <katriel@fb.com>
Date: Mon, 20 Sep 2021 15:22:45 +0100
Subject: [PATCH 10/21] oopsie 3

---
 netlify.toml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/netlify.toml b/netlify.toml
index c3f3486..9cb9ac7 100644
--- a/netlify.toml
+++ b/netlify.toml
@@ -32,6 +32,7 @@
       worker-src 'none';'''
     
     X-Content-Type-Options = 'nosniff'
-    X-Frame-Options = 'DENY';
-    X-XSS-Protection = '''1
+    X-Frame-Options = 'DENY'
+    X-XSS-Protection = '''
+      1;
       mode='block''''
\ No newline at end of file

From daddd459c2eaa3694c9d8217e78bda5b4738edc5 Mon Sep 17 00:00:00 2001
From: Katriel Cohn-Gordon <katriel@fb.com>
Date: Mon, 20 Sep 2021 15:23:24 +0100
Subject: [PATCH 11/21] oopsie 5

---
 netlify.toml | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/netlify.toml b/netlify.toml
index 9cb9ac7..7390531 100644
--- a/netlify.toml
+++ b/netlify.toml
@@ -33,6 +33,4 @@
     
     X-Content-Type-Options = 'nosniff'
     X-Frame-Options = 'DENY'
-    X-XSS-Protection = '''
-      1;
-      mode='block''''
\ No newline at end of file
+    X-XSS-Protection = '1;mode=block'
\ No newline at end of file

From e30a19970f80a39c98af0975ec2345eef81a0c46 Mon Sep 17 00:00:00 2001
From: Katriel Cohn-Gordon <katriel@fb.com>
Date: Mon, 20 Sep 2021 15:26:10 +0100
Subject: [PATCH 12/21] oopsie 6

---
 _headers     | 25 +++++++++++++++++++++++++
 netlify.toml | 36 ------------------------------------
 2 files changed, 25 insertions(+), 36 deletions(-)
 create mode 100644 _headers
 delete mode 100644 netlify.toml

diff --git a/_headers b/_headers
new file mode 100644
index 0000000..881fee1
--- /dev/null
+++ b/_headers
@@ -0,0 +1,25 @@
+/*
+    Report-To: '{"group":"default","max_age":31536000,"endpoints":[{"url":"https://katriel.report-uri.com/a/d/g"}],"include_subdomains":true}'
+    
+    NEL: '{"report_to":"default","max_age":31536000,"include_subdomains":true
+    }'
+    
+    Content-Security-Policy-Report-Only: default-src 'self';
+    Content-Security-Policy-Report-Only: script-src 'report-sample' 'self' https://cdn.ampproject.org;
+    Content-Security-Policy-Report-Only: style-src 'report-sample' 'self' https://fonts.googleapis.com;
+    Content-Security-Policy-Report-Only: object-src 'none';
+    Content-Security-Policy-Report-Only: base-uri 'self';
+    Content-Security-Policy-Report-Only: connect-src 'self';
+    Content-Security-Policy-Report-Only: font-src 'self' https://fonts.gstatic.com;
+    Content-Security-Policy-Report-Only: frame-ancestors 'none';
+    Content-Security-Policy-Report-Only: frame-src 'self';
+    Content-Security-Policy-Report-Only: img-src 'self' https://*.cloudfront.net;
+    Content-Security-Policy-Report-Only: manifest-src 'self';
+    Content-Security-Policy-Report-Only: media-src 'self';
+    Content-Security-Policy-Report-Only: report-uri https://katriel.report-uri.com/r/d/csp/reportOnly;
+    Content-Security-Policy-Report-Only: report-to report-uri;
+    Content-Security-Policy-Report-Only: worker-src 'none';
+    
+    X-Content-Type-Options: nosniff
+    X-Frame-Options: DENY
+    X-XSS-Protection: 1;mode=block
\ No newline at end of file
diff --git a/netlify.toml b/netlify.toml
deleted file mode 100644
index 7390531..0000000
--- a/netlify.toml
+++ /dev/null
@@ -1,36 +0,0 @@
-[[headers]]
-  for = "/*"
-  [headers.values]
-    Report-To = '''{
-        "group":"default",
-        "max_age":31536000,
-        "endpoints":[{"url":"https://katriel.report-uri.com/a/d/g"}],
-        "include_subdomains":true
-    }'''
-    
-    NEL = '''{
-        "report_to":"default",
-        "max_age":31536000,
-        "include_subdomains":true
-    }'''
-    
-    Content-Security-Policy-Report-Only = '''
-      default-src 'self';
-      script-src 'report-sample' 'self' https://cdn.ampproject.org;
-      style-src 'report-sample' 'self' https://fonts.googleapis.com;
-      object-src 'none';
-      base-uri 'self';
-      connect-src 'self';
-      font-src 'self' https://fonts.gstatic.com;
-      frame-ancestors 'none';
-      frame-src 'self';
-      img-src 'self' https://*.cloudfront.net;
-      manifest-src 'self';
-      media-src 'self';
-      report-uri https://katriel.report-uri.com/r/d/csp/reportOnly;
-      report-to report-uri;
-      worker-src 'none';'''
-    
-    X-Content-Type-Options = 'nosniff'
-    X-Frame-Options = 'DENY'
-    X-XSS-Protection = '1;mode=block'
\ No newline at end of file

From cd245a458ef2768d9f5a8ed1ec30005a6cf27e05 Mon Sep 17 00:00:00 2001
From: Katriel Cohn-Gordon <katriel@fb.com>
Date: Mon, 20 Sep 2021 15:26:50 +0100
Subject: [PATCH 13/21] oopsie 7

---
 _headers | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/_headers b/_headers
index 881fee1..91373fe 100644
--- a/_headers
+++ b/_headers
@@ -1,8 +1,7 @@
 /*
     Report-To: '{"group":"default","max_age":31536000,"endpoints":[{"url":"https://katriel.report-uri.com/a/d/g"}],"include_subdomains":true}'
     
-    NEL: '{"report_to":"default","max_age":31536000,"include_subdomains":true
-    }'
+    NEL: '{"report_to":"default","max_age":31536000,"include_subdomains":true}'
     
     Content-Security-Policy-Report-Only: default-src 'self';
     Content-Security-Policy-Report-Only: script-src 'report-sample' 'self' https://cdn.ampproject.org;

From 8a3e3ef8e3f1f4a301d731a5615792137a6c4fe8 Mon Sep 17 00:00:00 2001
From: Katriel Cohn-Gordon <katriel@fb.com>
Date: Mon, 20 Sep 2021 15:29:29 +0100
Subject: [PATCH 14/21] oopsie 8

---
 index.html | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/index.html b/index.html
index 3b21dbd..6c54802 100644
--- a/index.html
+++ b/index.html
@@ -396,12 +396,9 @@
 .type-csharp .highlight .sc { color: #A31515 }
     </style>
 
-    <!--[if lt IE 9]>
-    <script src="//html5shiv.googlecode.com/svn/trunk/html5.js"></script>
-    <![endif]-->
-
     <!-- We're already AMP so let's support it for the little lightning bolt -->
-    <script async type="text/javascript" src="https://cdn.ampproject.org/v0.js"></script>
+    <script async type="text/javascript"
+    src="https://cdn.ampproject.org/v0.js" integrity="sha384-PsO+HTrUDj2ccAEQhe0lAPwaYosAuZgcMOXkNebt5B+FSWfKvx7fGfL0MYy+Im5x" crossorigin="anonymous"></script>
   </head>
   <body>
     <div class="wrapper">

From 17f65334dc73d47c34a2b49b09cf3baa4b8f239e Mon Sep 17 00:00:00 2001
From: Katriel Cohn-Gordon <katriel@fb.com>
Date: Mon, 20 Sep 2021 15:30:14 +0100
Subject: [PATCH 15/21] oopsie 9

---
 _headers | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/_headers b/_headers
index 91373fe..d9d62c8 100644
--- a/_headers
+++ b/_headers
@@ -3,21 +3,21 @@
     
     NEL: '{"report_to":"default","max_age":31536000,"include_subdomains":true}'
     
-    Content-Security-Policy-Report-Only: default-src 'self';
-    Content-Security-Policy-Report-Only: script-src 'report-sample' 'self' https://cdn.ampproject.org;
-    Content-Security-Policy-Report-Only: style-src 'report-sample' 'self' https://fonts.googleapis.com;
-    Content-Security-Policy-Report-Only: object-src 'none';
-    Content-Security-Policy-Report-Only: base-uri 'self';
-    Content-Security-Policy-Report-Only: connect-src 'self';
-    Content-Security-Policy-Report-Only: font-src 'self' https://fonts.gstatic.com;
-    Content-Security-Policy-Report-Only: frame-ancestors 'none';
-    Content-Security-Policy-Report-Only: frame-src 'self';
-    Content-Security-Policy-Report-Only: img-src 'self' https://*.cloudfront.net;
-    Content-Security-Policy-Report-Only: manifest-src 'self';
-    Content-Security-Policy-Report-Only: media-src 'self';
-    Content-Security-Policy-Report-Only: report-uri https://katriel.report-uri.com/r/d/csp/reportOnly;
-    Content-Security-Policy-Report-Only: report-to report-uri;
-    Content-Security-Policy-Report-Only: worker-src 'none';
+    Content-Security-Policy: default-src 'self';
+    Content-Security-Policy: script-src 'report-sample' 'self' https://cdn.ampproject.org;
+    Content-Security-Policy: style-src 'report-sample' 'self' https://fonts.googleapis.com;
+    Content-Security-Policy: object-src 'none';
+    Content-Security-Policy: base-uri 'self';
+    Content-Security-Policy: connect-src 'self';
+    Content-Security-Policy: font-src 'self' https://fonts.gstatic.com;
+    Content-Security-Policy: frame-ancestors 'none';
+    Content-Security-Policy: frame-src 'self';
+    Content-Security-Policy: img-src 'self' https://*.cloudfront.net;
+    Content-Security-Policy: manifest-src 'self';
+    Content-Security-Policy: media-src 'self';
+    Content-Security-Policy: report-uri https://katriel.report-uri.com/r/d/csp/reportOnly;
+    Content-Security-Policy: report-to report-uri;
+    Content-Security-Policy: worker-src 'none';
     
     X-Content-Type-Options: nosniff
     X-Frame-Options: DENY

From 3fd4d16522dc1045779273c91113540036029399 Mon Sep 17 00:00:00 2001
From: Katriel Cohn-Gordon <katriel@fb.com>
Date: Mon, 20 Sep 2021 15:31:26 +0100
Subject: [PATCH 16/21] oopsie 10

---
 _headers | 16 +---------------
 1 file changed, 1 insertion(+), 15 deletions(-)

diff --git a/_headers b/_headers
index d9d62c8..7cb8a71 100644
--- a/_headers
+++ b/_headers
@@ -3,21 +3,7 @@
     
     NEL: '{"report_to":"default","max_age":31536000,"include_subdomains":true}'
     
-    Content-Security-Policy: default-src 'self';
-    Content-Security-Policy: script-src 'report-sample' 'self' https://cdn.ampproject.org;
-    Content-Security-Policy: style-src 'report-sample' 'self' https://fonts.googleapis.com;
-    Content-Security-Policy: object-src 'none';
-    Content-Security-Policy: base-uri 'self';
-    Content-Security-Policy: connect-src 'self';
-    Content-Security-Policy: font-src 'self' https://fonts.gstatic.com;
-    Content-Security-Policy: frame-ancestors 'none';
-    Content-Security-Policy: frame-src 'self';
-    Content-Security-Policy: img-src 'self' https://*.cloudfront.net;
-    Content-Security-Policy: manifest-src 'self';
-    Content-Security-Policy: media-src 'self';
-    Content-Security-Policy: report-uri https://katriel.report-uri.com/r/d/csp/reportOnly;
-    Content-Security-Policy: report-to report-uri;
-    Content-Security-Policy: worker-src 'none';
+    Content-Security-Policy: default-src 'self'; script-src 'report-sample' 'self' https://cdn.ampproject.org; style-src 'report-sample' 'self' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self'; font-src 'self' https://fonts.gstatic.com; frame-ancestors 'none'; frame-src 'self'; img-src 'self' https://*.cloudfront.net; manifest-src 'self'; media-src 'self'; report-uri https://katriel.report-uri.com/r/d/csp/reportOnly; report-to report-uri; worker-src 'none';
     
     X-Content-Type-Options: nosniff
     X-Frame-Options: DENY

From 445c24523fc060feb67bdb346c05190bae2e6227 Mon Sep 17 00:00:00 2001
From: Katriel Cohn-Gordon <katriel@fb.com>
Date: Mon, 20 Sep 2021 15:32:33 +0100
Subject: [PATCH 17/21] oopsie 11

---
 _headers | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/_headers b/_headers
index 7cb8a71..b6ce9a9 100644
--- a/_headers
+++ b/_headers
@@ -3,7 +3,7 @@
     
     NEL: '{"report_to":"default","max_age":31536000,"include_subdomains":true}'
     
-    Content-Security-Policy: default-src 'self'; script-src 'report-sample' 'self' https://cdn.ampproject.org; style-src 'report-sample' 'self' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self'; font-src 'self' https://fonts.gstatic.com; frame-ancestors 'none'; frame-src 'self'; img-src 'self' https://*.cloudfront.net; manifest-src 'self'; media-src 'self'; report-uri https://katriel.report-uri.com/r/d/csp/reportOnly; report-to report-uri; worker-src 'none';
+    Content-Security-Policy: default-src 'self'; script-src 'report-sample' 'self' https://cdn.ampproject.org; style-src 'report-sample' 'self' https://fonts.googleapis.com sha256-0+eUWXEzIzayXtwbs4qgGqcUroB222vieZ1QP7fQ6so= sha256-PGXOJdY/N14DFaumETOevn4XJmmnEBUq35DEE7PwXzI= sha256-ERzu1wweqgxgsinDVzlR2NhKKo4DjFon34MAwo+xvWM=; object-src 'none'; base-uri 'self'; connect-src 'self'; font-src 'self' https://fonts.gstatic.com; frame-ancestors 'none'; frame-src 'self'; img-src 'self' https://*.cloudfront.net; manifest-src 'self'; media-src 'self'; report-uri https://katriel.report-uri.com/r/d/csp/reportOnly; report-to report-uri; worker-src 'none';
     
     X-Content-Type-Options: nosniff
     X-Frame-Options: DENY

From 39e5e38239901942acbfbf7a5f9cf96c474acef3 Mon Sep 17 00:00:00 2001
From: Katriel Cohn-Gordon <katriel@fb.com>
Date: Mon, 20 Sep 2021 15:33:36 +0100
Subject: [PATCH 18/21] oopsie 11

---
 _headers | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/_headers b/_headers
index b6ce9a9..592e827 100644
--- a/_headers
+++ b/_headers
@@ -3,7 +3,7 @@
     
     NEL: '{"report_to":"default","max_age":31536000,"include_subdomains":true}'
     
-    Content-Security-Policy: default-src 'self'; script-src 'report-sample' 'self' https://cdn.ampproject.org; style-src 'report-sample' 'self' https://fonts.googleapis.com sha256-0+eUWXEzIzayXtwbs4qgGqcUroB222vieZ1QP7fQ6so= sha256-PGXOJdY/N14DFaumETOevn4XJmmnEBUq35DEE7PwXzI= sha256-ERzu1wweqgxgsinDVzlR2NhKKo4DjFon34MAwo+xvWM=; object-src 'none'; base-uri 'self'; connect-src 'self'; font-src 'self' https://fonts.gstatic.com; frame-ancestors 'none'; frame-src 'self'; img-src 'self' https://*.cloudfront.net; manifest-src 'self'; media-src 'self'; report-uri https://katriel.report-uri.com/r/d/csp/reportOnly; report-to report-uri; worker-src 'none';
+    Content-Security-Policy: default-src 'self'; script-src 'report-sample' 'self' https://cdn.ampproject.org; style-src 'report-sample' 'self' https://fonts.googleapis.com 'sha256-0+eUWXEzIzayXtwbs4qgGqcUroB222vieZ1QP7fQ6so=' 'sha256-PGXOJdY/N14DFaumETOevn4XJmmnEBUq35DEE7PwXzI=' 'sha256-ERzu1wweqgxgsinDVzlR2NhKKo4DjFon34MAwo+xvWM='; object-src 'none'; base-uri 'self'; connect-src 'self'; font-src 'self' https://fonts.gstatic.com; frame-ancestors 'none'; frame-src 'self'; img-src 'self' https://*.cloudfront.net; manifest-src 'self'; media-src 'self'; report-uri https://katriel.report-uri.com/r/d/csp/reportOnly; report-to report-uri; worker-src 'none';
     
     X-Content-Type-Options: nosniff
     X-Frame-Options: DENY

From ec97ad1635c16d554ec7d2f62a9b035986de838d Mon Sep 17 00:00:00 2001
From: Katriel Cohn-Gordon <katriel@fb.com>
Date: Mon, 20 Sep 2021 15:34:17 +0100
Subject: [PATCH 19/21] oopsie

---
 _headers | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/_headers b/_headers
index 592e827..b010a65 100644
--- a/_headers
+++ b/_headers
@@ -3,7 +3,7 @@
     
     NEL: '{"report_to":"default","max_age":31536000,"include_subdomains":true}'
     
-    Content-Security-Policy: default-src 'self'; script-src 'report-sample' 'self' https://cdn.ampproject.org; style-src 'report-sample' 'self' https://fonts.googleapis.com 'sha256-0+eUWXEzIzayXtwbs4qgGqcUroB222vieZ1QP7fQ6so=' 'sha256-PGXOJdY/N14DFaumETOevn4XJmmnEBUq35DEE7PwXzI=' 'sha256-ERzu1wweqgxgsinDVzlR2NhKKo4DjFon34MAwo+xvWM='; object-src 'none'; base-uri 'self'; connect-src 'self'; font-src 'self' https://fonts.gstatic.com; frame-ancestors 'none'; frame-src 'self'; img-src 'self' https://*.cloudfront.net; manifest-src 'self'; media-src 'self'; report-uri https://katriel.report-uri.com/r/d/csp/reportOnly; report-to report-uri; worker-src 'none';
+    Content-Security-Policy: default-src 'self'; script-src 'report-sample' 'self' https://cdn.ampproject.org; style-src 'report-sample' 'self' https://fonts.googleapis.com 'sha256-0+eUWXEzIzayXtwbs4qgGqcUroB222vieZ1QP7fQ6so=' 'sha256-PGXOJdY/N14DFaumETOevn4XJmmnEBUq35DEE7PwXzI=' 'sha256-ERzu1wweqgxgsinDVzlR2NhKKo4DjFon34MAwo+xvWM=' 'sha256-PQYtiIZYTtt8E9hjj3jfnmSZ5QHVzfzJgN3hZ+uDKA0='; object-src 'none'; base-uri 'self'; connect-src 'self'; font-src 'self' https://fonts.gstatic.com; frame-ancestors 'none'; frame-src 'self'; img-src 'self' https://*.cloudfront.net; manifest-src 'self'; media-src 'self'; report-uri https://katriel.report-uri.com/r/d/csp/reportOnly; report-to report-uri; worker-src 'none';
     
     X-Content-Type-Options: nosniff
     X-Frame-Options: DENY

From 0114a2c256337a1ec002dfad228e0719b8738dd4 Mon Sep 17 00:00:00 2001
From: Katriel Cohn-Gordon <katriel@fb.com>
Date: Mon, 20 Sep 2021 15:35:23 +0100
Subject: [PATCH 20/21] oopsie

---
 _headers | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/_headers b/_headers
index b010a65..cb091ef 100644
--- a/_headers
+++ b/_headers
@@ -7,4 +7,5 @@
     
     X-Content-Type-Options: nosniff
     X-Frame-Options: DENY
-    X-XSS-Protection: 1;mode=block
\ No newline at end of file
+    X-XSS-Protection: 1;mode=block
+    Referrer-Policy: no-referrer, strict-origin-when-cross-origin
\ No newline at end of file

From ea147dad13b55519dc6763674f36405dc1da1121 Mon Sep 17 00:00:00 2001
From: Katriel Cohn-Gordon <katriel@fb.com>
Date: Mon, 20 Sep 2021 15:36:06 +0100
Subject: [PATCH 21/21] oopsie

---
 _headers | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/_headers b/_headers
index cb091ef..63c1e97 100644
--- a/_headers
+++ b/_headers
@@ -3,7 +3,7 @@
     
     NEL: '{"report_to":"default","max_age":31536000,"include_subdomains":true}'
     
-    Content-Security-Policy: default-src 'self'; script-src 'report-sample' 'self' https://cdn.ampproject.org; style-src 'report-sample' 'self' https://fonts.googleapis.com 'sha256-0+eUWXEzIzayXtwbs4qgGqcUroB222vieZ1QP7fQ6so=' 'sha256-PGXOJdY/N14DFaumETOevn4XJmmnEBUq35DEE7PwXzI=' 'sha256-ERzu1wweqgxgsinDVzlR2NhKKo4DjFon34MAwo+xvWM=' 'sha256-PQYtiIZYTtt8E9hjj3jfnmSZ5QHVzfzJgN3hZ+uDKA0='; object-src 'none'; base-uri 'self'; connect-src 'self'; font-src 'self' https://fonts.gstatic.com; frame-ancestors 'none'; frame-src 'self'; img-src 'self' https://*.cloudfront.net; manifest-src 'self'; media-src 'self'; report-uri https://katriel.report-uri.com/r/d/csp/reportOnly; report-to report-uri; worker-src 'none';
+    Content-Security-Policy: default-src 'none'; script-src 'report-sample' 'self' https://cdn.ampproject.org; style-src 'report-sample' 'self' https://fonts.googleapis.com 'sha256-0+eUWXEzIzayXtwbs4qgGqcUroB222vieZ1QP7fQ6so=' 'sha256-PGXOJdY/N14DFaumETOevn4XJmmnEBUq35DEE7PwXzI=' 'sha256-ERzu1wweqgxgsinDVzlR2NhKKo4DjFon34MAwo+xvWM=' 'sha256-PQYtiIZYTtt8E9hjj3jfnmSZ5QHVzfzJgN3hZ+uDKA0='; object-src 'none'; base-uri 'self'; connect-src 'self'; font-src 'self' https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'none'; frame-src 'self'; img-src 'self' https://*.cloudfront.net; manifest-src 'self'; media-src 'self'; report-uri https://katriel.report-uri.com/r/d/csp/reportOnly; report-to report-uri; worker-src 'none';
     
     X-Content-Type-Options: nosniff
     X-Frame-Options: DENY