It’s 2017, so it’s time to make this blog HTTPS-only, with permanent redirects and HSTS headers and everything.
Apologies to any planets that might get flooded when the RSS feed changes all permalinks to https.
(P.S. Hugo is a pain, as I expected. Content-Security-Policy headers are also made of pain, so I’m skipping one for this blog right now.)