Add secure headers
See the securityheaders.com report, some security headers are missing.
django-csp needs to be packaged in our repos to be enabled and configured for Content-Security-Policy.
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information