michael@0: Content-Security-Policy: default-src 'self' ; script-src 'self' 'unsafe-inline'
michael@0: Cache-Control: no-cache