- // hsr.addHeader("Content-Security-Policy",
- // "default-src 'self'; report-uri https://felix.dogcraft.de/report.php");
+ hsr.addHeader("Content-Security-Policy", "default-src 'self' https://"
+ + ServerConstants.getStaticHostNamePort()
+ + " https://www.cacert.org/*;frame-ancestors 'none'");
+ // ;report-uri https://felix.dogcraft.de/report.php