Content-Type: text/html; charset=UTF-8
Content-Security-Policy: frame-ancestors {{GET[policy]}}