HTTP/1.1 200 OK
Content-Type: text/html
Content-Security-Policy: script-src 'none'; report-uri /csp