Content-Security-Policy: sandbox allow-scripts;
Content-Security-Policy: trusted-types AllowedPolicyName default;
Content-Security-Policy: require-trusted-types-for 'script';