Content Security Policy

To mitigate against cross-site scripting it is recommended websites use a content security policy. To add a policy to all pages modify your site settings:

[page.http-equiv]
content-security-policy = "default-src 'self'; style-src 'self' 'unsafe-inline';"

If you need to change the content security policy for certain pages you can override the default setting in the page front matter:

[http-equiv]
content-security-policy = "..."