Content-Security-Policy: default-src *; style-src * 'unsafe-inline';