<!DOCTYPE HTML> <html> <head> <meta charset="utf-8"> <title>Bug 1764343 - CSP inheritance for same-origin iframes</title> <meta http-equiv="Content-Security-Policy" content="default-src 'none'; style-src 'none'; script-src 'nonce-a' 'nonce-b'; img-src 'none'"> </head> <body> initial content </body> </html>