<meta
http-equiv="Content-Security-Policy"
content="script-src 'self' 'unsafe-eval' 'unsafe-inline' ;
object-src xxx.xxx.com ;
style-src 'unsafe-inline' xxx.xxx.com;
child-src https:"
/>
<script>
if (top.location != self.location) {top.location=self.location;}
</script>