W
Will Munroe
Currently it looks like there is a Content-Security-Policy-Report-Only, but I think it's time to set a CSP. Even if we go with the less than ideal 'unsafe-inline'.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src
July 19, 2024