HTTP/1.1 200 OK Content-Security-Policy: sandbox allow-scripts allow-popups allow-popups-to-escape-sandbox;