_headers

/*
  Strict-Transport-Security: max-age=31536000; includeSubDomains
  X-Content-Type-Options: nosniff
  Referrer-Policy: strict-origin-when-cross-origin
  X-Frame-Options: ALLOW-FROM https://*.monday.com
  Permissions-Policy: accelerometer=(),autoplay=(),camera=(),display-capture=(),document-domain=(),encrypted-media=(),fullscreen=(self),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),publickey-credentials-get=(),screen-wake-lock=(),sync-xhr=(self),usb=(),web-share=(),xr-spatial-tracking=()
  Content-Security-Policy: default-src 'none'; frame-src 'self' https://*.configcat.com; script-src 'self' https://*.configcat.com https://*.cloudflareinsights.com; style-src 'self' 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; img-src 'self' data: https://*.configcat.com https://*.cloudinary.com; connect-src 'self' https://*.configcat.com https://*.monday.com https://*.cloudflareinsights.com; object-src 'none'; child-src 'self' blob:; frame-ancestors https://*.configcat.com https://*.monday.com; upgrade-insecure-requests; block-all-mixed-content;