Content-Security-Policy: default-src *; script-src * 'unsafe-eval'