Content-Security-Policy-Report-Only: script-src 'unsafe-inline'