I just added a Content-Security-Policy header which these days is kind of an expected security feature.
This limits from where your browser will load, scripts, images, media, fonts, etc. and can thus prevent certain attacks.
On the flip side, this can lead to some previously working, but now broken images, postings, logins, sign-ups etc.
If you run into any issue that you think needs fixing, you can post it here or shoot me an PM or email (my nick at website domain).
