Content-Security-Policy: script-src http: https: 'nonce-123' 'report-sample'
Content-Security-Policy: object-src 'none'
Content-Security-Policy: require-trusted-types-for 'script'