michael@0: Content-Security-Policy: default-src *.example.com