// header Content-Security-Policy: upgrade-insecure-requests; // meta tag

block tracking