Implement CSP HTTP header

Originally created by @Anonymous on #13450 (Redmine)

https://observatory.mozilla.org/analyze.html?host=tails.boum.org says we should implement the Content Security Policy (CSP) HTTP header.

Related issues

Related to #15060 (closed)
Related to #16078 (closed)
Blocked by sysadmin#14588 (closed)

Edited May 15, 2020 by Anonymous

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information