apache headers

see https://securityheaders.com/?q=blog.fresel.at&hide=on&followRedirects=on

Strict-Transport-Security max-age=15768000; preload
X-Frame-Options DENY
X-XSS-Protection 1; mode=block
X-Content-Type-Options nosniff
Content-Security-Policy default-src https: 'self' blog.fresel.at public-api.wordpress.com s0.wp.com s01.wp.com s2.wp.com; script-src 'self' 'unsafe-eval' c0.wp.com c01.wp.com s0.wp.com s1.wp.com s2.wp.com stats.wp.com blog.fresel.at 'unsafe-inline'; img-src * 'self' data:; style-src 'self' 'unsafe-inline' c0.wp.com c1.wp.com s0.wp.com s1.wp.com s2.wp.com fonts.googleapis.com; font-src 'self' 'unsafe-inline' data: fonts.gstatic.com c0.wp.com c1.wp.com s0.wp.com s1.wp.com
Referrer-Policy same-origin
Feature-Policy microphone 'none'; payment 'none'; sync-xhr 'self' https://blog.fresel.at

Grade capped at A, please see warnings below.

Warnings
Content-Security-Policy This policy contains ‘unsafe-inline‘ which is dangerous in the script-src directive. This policy contains ‘unsafe-eval‘ which is dangerous in the script-src directive.

My Comment: This is a WordPress site, and without these CSP values the site will not load successfully.
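An added example, not the page's own vhost configuration: the header set listed above expressed as Apache httpd mod_headers directives. Assumed: mod_headers is enabled (a2enmod headers) and blog.fresel.at is served from a TLS virtual host; the DocumentRoot path is a placeholder.

```apache
# Added example (not taken from the site's real config): emit the header set
# listed on this page with mod_headers. Assumes mod_headers is loaded and the
# site is served over TLS; DocumentRoot is a placeholder.
<VirtualHost *:443>
    ServerName blog.fresel.at
    # placeholder path
    DocumentRoot /var/www/html

    <IfModule mod_headers.c>
        # "always" also attaches the headers to error responses (4xx/5xx),
        # which the default "onsuccess" condition skips.
        # Browsers only honour Strict-Transport-Security received over HTTPS.
        Header always set Strict-Transport-Security "max-age=15768000; preload"
        Header always set X-Frame-Options "DENY"
        Header always set X-XSS-Protection "1; mode=block"
        Header always set X-Content-Type-Options "nosniff"
        Header always set Referrer-Policy "same-origin"
        Header always set Feature-Policy "microphone 'none'; payment 'none'; sync-xhr 'self' https://blog.fresel.at"

        # A trailing backslash continues the directive on the next line.
        # 'unsafe-inline' and 'unsafe-eval' in script-src are the two source
        # expressions the securityheaders.com scan warns about; the page
        # states the WordPress front end does not load without them.
        Header always set Content-Security-Policy "\
default-src https: 'self' blog.fresel.at public-api.wordpress.com s0.wp.com s01.wp.com s2.wp.com; \
script-src 'self' 'unsafe-eval' c0.wp.com c01.wp.com s0.wp.com s1.wp.com s2.wp.com stats.wp.com blog.fresel.at 'unsafe-inline'; \
img-src * 'self' data:; \
style-src 'self' 'unsafe-inline' c0.wp.com c1.wp.com s0.wp.com s1.wp.com s2.wp.com fonts.googleapis.com; \
font-src 'self' 'unsafe-inline' data: fonts.gstatic.com c0.wp.com c1.wp.com s0.wp.com s1.wp.com"
    </IfModule>
</VirtualHost>
```

After reloading httpd, `curl -sI https://blog.fresel.at` shows the resulting response headers and lets you compare them against the list above.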