Header set Content-Security-Policy "base-uri 'self';"