PSA: Content Security Policy makes no sense on static sites that aren't Web apps and just consist of ordinary pages of content (e.g blogs).
If you operate a personal blog (especially a bespoke one generated with templates and/or tools of your own making) or similar, PLEASE DO NOT ADD CSP DIRECTIVES. If you cargo culted them into your server configuration or <head>, please get rid of them. CSP is user hostile and more often than not just ends up breaking things (like bookmarklets).
