Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.youtube.com https://www.youtube-nocookie.com https://*.google.com https://*.gstatic.com blob:;