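XSS demo: Content-Security-Policy header variants
Each line below is a Content-Security-Policy response header. If a response carries more than one of them, the browser enforces all of them at once, so a resource loads only when every policy allows it.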
Content-Security-Policy: default-src 'self'
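Content-Security-Policy: default-src 'unsafe-inline' 'self'
(Note: 'unsafe-inline' permits inline script blocks and inline event handlers again, so this variant does not stop injected inline script the way the plain 'self' policy does.)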
Content-Security-Policy: script-src 'self'
Content-Security-Policy: img-src 'self'
Content-Security-Policy: img-src 'self' students.dk