Improve security based on Mozilla Observatory test

https://observatory.mozilla.org/analyze.html?host=2017.keeprubyweird.com

Author: calebhearth

static.json

@@ -1,11 +1,15 @@
 {
-  "root": "_site/",
   "clean_urls": true,
-  "https_only": true,
-  "redirects": {
-    "/code-of-conduct": {
-      "url": "/conduct",
-      "status": 301
+  "headers": {
+    "/**": {
+      "Content-Security-Policy": "default-src 'self'; script-src https://static.ads-twitter.com https://www.google-analytics.com; img-src 'self' https://s3.amazonaws.com https://twitter.com https://pbs.twimg.com; font-src 'self' https://fonts.gstatic.com; style-src 'self' https://fonts.googleapis.com; frame-ancestors 'none';",
+      "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
+      "X-Content-Type-Options": "nosniff",
+      "X-Frame-Options": "DENY",
+      "X-XSS-Protection": "1; mode=block"
     }
-  }
+  },
+  "https_only": true,
+  "redirects": {"/code-of-conduct": {"status": 301, "url": "/conduct"}},
+  "root": "_site/"
 }