<!DOCTYPE HTML>
<html>
<head>
  <meta charset="utf-8">
  <title>Bug 1764343 - CSP inheritance for same-origin iframes</title>
  <meta http-equiv="Content-Security-Policy" content="default-src 'none'; style-src 'none'; script-src 'nonce-a' 'nonce-b'; img-src 'none'">
</head>
<body>
  initial content
</body>
</html>