Content-Security-Policy: default-src * ; style-src 'none' 'unsafe-inline';