CSP demo
Current metatag:
<meta http-equiv="Content-Security-Policy" content="script-src 'unsafe-inline' 'self' https://*">
