<!DOCTYPE html>
<meta http-equiv="Content-Security-Policy" content="default-src 'self'">