Add content security policy to mitigate XSS attacks

[GNU-Plus-Windows-User]

Content Security Policy is a security header that is designed to mitigate XSS vulnerabilities.
Brax.me can easily adopt CSP by putting all Javascript files within a nonce that is randomly generated with each request. By implimenting Content Security Policy brax.me will be immune to many types of XSS attacks.
https://scotthelme.co.uk/content-security-policy-an-introduction/

[Neustradamus]

@robbraxman: Have you progressed on it?