Content-Security-Policy: connect-src 'none'
Content-Security-Policy: trusted-types 'none'