Content-Type: text/html
Content-Security-Policy: connect-src 'self'