Content-Security-Policy-Report-Only: script-src 'self' 'nonce-abc';