Content-Security-Policy:
    default-src 'self';
    style-src 'self' css.example.com;
    img-src *.example.com;
    script-src 'unsafe-eval' 'self' js.example.com 'nonce-Nc3n83cnSAd3wc3Sasdfn939hc3'