![image from Twilio](https://d1x6es5xzge33k.cloudfront.net/pinboard/e26ab6e245108f6e9d2604bdc7337213.jpg)
These security and perfomance changes for websites are easy to add and include some new browser features I wasn't aware of before. I went with the recommendation here for a simple CSP header but it looks like you could really batten down the https hatches with that one if you read through the spec.