Bug 237419
| Field | Value | Field | Value |
|---|---|---|---|
| Summary | Invalid characters in HTTP Content-Security-Policy value doesn't impact the CSP | | |
| Product | WebKit | Reporter | karl <karl+webkit> |
| Component | Page Loading | Assignee | Nobody <webkit-unassigned> |
| Status | RESOLVED WORKSFORME | | |
| Severity | Normal | CC | beidson |
| Priority | P2 | | |
| Version | Safari Technology Preview | | |
| Hardware | Mac (Intel) | | |
| OS | macOS 10.15 | | |
| URL | https://www.mollysastrology.com | | |
karl
1. Go to https://www.mollysastrology.com
2. Check the HTTP Response
The HTTP response:
HTTP/2 200 OK
date: Thu, 03 Mar 2022 11:40:47 GMT
content-type: text/html; charset=UTF-8
content-length: 20900
cache-control: public, max-age=0
expires: Thu, 03 Mar 2022 11:40:47 GMT
last-modified: Wed, 02 Mar 2022 19:10:07 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
wpx: 1
strict-transport-security: max-age=31536000; includeSubDomains
x-xss-protection: 1; mode=block
content-security-policy: default-src �self�;
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
x-turbo-charged-by: LiteSpeed
x-edge-location: WPX CLOUD/TYO02
server: WPX CLOUD/TYO02
x-cache-status: MISS
X-Firefox-Spdy: h2
Check this specific header:
content-security-policy: default-src �self�;
Expected:
This is to be determined.
Actual:
Currently Safari Tech Preview and Edge Blink Canary do not have any issues with it.
Firefox bails out on all subsequent resources and displays only the HTML page (without JS and CSS).
Note:
This probably requires digging into the specification to determine
1. what the spec says
2. what the best course of action is: change the spec, or align the implementations of Gecko, Blink and WebKit
Basically this creates a Webcompat issue
https://github.com/webcompat/web-bugs/issues/100417
karl
Opened on
https://bugs.webkit.org/show_bug.cgi?id=237419
https://bugzilla.mozilla.org/show_bug.cgi?id=1757913
https://bugs.chromium.org/p/chromium/issues/detail?id=1302617
karl
So this is already a known bug on Firefox
https://bugzilla.mozilla.org/show_bug.cgi?id=1570722
And it was discussed on
https://github.com/w3c/webappsec-csp/issues/473
The behavior of Blink and WebKit is right.
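As an added example (not WebKit, Gecko or Blink code), the following Python parses a serialized policy the way the CSP3 "parse a serialized CSP" algorithm does and then checks each token against the spec's directive-value grammar, which is the question raised in the first comment and in the spec thread linked above. It assumes the bad characters in the shipped header are the replacement characters shown in the report, and that catching them in a config linter before deployment is the defender's job, since engines differ in how much of a malformed policy they discard.

```python
import re

# ABNF from CSP Level 3 ("Policy syntax"):
#   directive-name  = 1*( ALPHA / DIGIT / "-" )
#   directive-value = *( required-ascii-whitespace /
#                        ( %x21-%x2B / %x2D-%x3A / %x3C-%x7E ) )
# i.e. a value token is printable ASCII minus "," (0x2C) and ";" (0x3B).
DIRECTIVE_NAME = re.compile(r"[A-Za-z0-9-]+")
VALUE_TOKEN = re.compile(r"[\x21-\x2B\x2D-\x3A\x3C-\x7E]+")
ASCII_WS = " \t\n\f\r"
ASCII_WS_RUN = re.compile(r"[ \t\n\f\r]+")

# Constructed sample headers. BAD_HEADER copies the value quoted in the bug
# report (assumed to be U+FFFD as shown): the quotes around self are not
# ASCII, so no engine can recognise the 'self' keyword in it.
GOOD_HEADER = "default-src 'self'; script-src 'self' https://cdn.example"
BAD_HEADER = "default-src \ufffdself\ufffd;"


def parse_serialized_csp(serialized):
    """Spec steps: split on ';', strip ASCII whitespace, split on ASCII
    whitespace, lowercase the directive name, keep only the first occurrence
    of each name. No character validation happens at this stage."""
    directives = {}
    for raw in serialized.split(";"):
        raw = raw.strip(ASCII_WS)
        if not raw:
            continue
        parts = ASCII_WS_RUN.split(raw)
        directives.setdefault(parts[0].lower(), parts[1:])
    return directives


def _offending(token, grammar):
    """Code points in token that the given grammar does not accept."""
    return [f"U+{ord(c):04X}" for c in token if not grammar.fullmatch(c)]


def find_invalid_tokens(serialized):
    """Return (directive, token, offending code points) for every name or
    value token outside the CSP3 grammar. Empty means the policy serialises
    cleanly; anything else is what a config linter should flag."""
    problems = []
    for name, values in parse_serialized_csp(serialized).items():
        if not DIRECTIVE_NAME.fullmatch(name):
            problems.append((name, name, _offending(name, DIRECTIVE_NAME)))
        for value in values:
            if not VALUE_TOKEN.fullmatch(value):
                problems.append((name, value, _offending(value, VALUE_TOKEN)))
    return problems


if __name__ == "__main__":
    for header in (GOOD_HEADER, BAD_HEADER):
        print(repr(header), "->", find_invalid_tokens(header) or "ok")
```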