It says:
Your server sends this header in response:
Content-Security-Policy-Report-Only:default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-src https://* about: javascript:; img-src chrome-extension:
I've tried it both in Chromium and Firefox, works in neither.
Thank you very much for your detailed report!
I see these warnings in my browser's console as well, but the site works for me. Report-only policy shouldn't cause problems, maybe it depends on browser settings...
Will look deeper into it and fix it.
