Content-Security-Policy: script-src http: https: 'nonce-123' 'unsafe-eval'
Content-Security-Policy: object-src 'none'
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'