11.7 Content-Security-Policy is used correctly

Verify that the Content Security Policy V2 (CSP) is in use in a way that either disables inline JavaScript or provides an integrity check on inline JavaScript with CSP noncing or hashing.

Levels: 1, 2, 3