Content Security Policy (CSP) header not implemented

Mozilla Observatory reports that blog.torproject.org does not have a CSP header: https://observatory.mozilla.org/analyze.html?host=blog.torproject.org

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information