Content-Type: text/html; charset=UTF-8
Content-Security-Policy: frame-src {{GET[frame_src_policy]}}