Portal setup: content security policy (CSP) header