Here's a start: `Content-Security-Policy-Report-Only: "default-src 'self'; object-src 'none'; media-src *; frame-src 'none'; connect-src 'none'; report-uri https://strugee.report-uri.com/r/d/csp/enforce"`
Here's a start:
Content-Security-Policy-Report-Only: "default-src 'self'; object-src 'none'; media-src *; frame-src 'none'; connect-src 'none'; report-uri https://strugee.report-uri.com/r/d/csp/enforce"