Content-Security-Policy: script-src https://cdnjs.cloudflare.com 'unsafe-eval';
script-src https://cdnjs.cloudflare.com 'unsafe-eval';
This page allows 'unsafe-eval'. Try injecting a script: