bugfix for boolean CSP directives
@stefansundin noticed that supplying false to "boolean" CSP directives (e.g. upgrade-insecure-requests and block-all-mixed-content) would still include the value.
@stefansundin noticed that supplying false to "boolean" CSP directives (e.g. upgrade-insecure-requests and block-all-mixed-content) would still include the value.