René Milzarek neotreat

## meta-csp.html
<!doctype html>
<html>
<head>
  <meta http-equiv="Content-Security-Policy" content="default-src 'none';">
</head>
<body>
    ...
</body>
</html>

## http-security-headers-lambda-cloudfront.js
'use strict';

exports.handler = (event, context, callback) => {

    const response = event.Records[0].cf.response;
    const headers = response.headers;

    // Add security headers
    const securityHeaders = [
        [{
	<!doctype html>
	<html>
	<head>
	<meta http-equiv="Content-Security-Policy" content="default-src 'none';">
	</head>
	<body>
	...
	</body>
	</html>
	'use strict';

	exports.handler = (event, context, callback) => {

	const response = event.Records[0].cf.response;
	const headers = response.headers;

	// Add security headers
	const securityHeaders = [
	[{