Content-Security-Policy: script-src {{host}}:{{ports[http][0]}} 'nonce-specified'