Do not connect js Content Security Policy directive: "script-src 'self'

Extensions
3

For the application, be sure to https?