— #+HTML_HEAD_EXTRA: <meta http-equiv=”Content-Security-Policy” content=”default-src ‘self’ ‘unsafe-inline’; img-src https://*; child-src ‘none’;” /> *