Low mozilla observatory score. (CSP, SRI)

https://observatory.mozilla.org/analyze/gitlab.com Grade D-

Content Security Policy (CSP) header not implemented Subresource Integrity (SRI) not implemented