Content-Security-Policy: frame-src 'none'