took out default csp policy header

Author: gggritso

globals/secure.conf

@@ -22,7 +22,6 @@ add_header              X-Permitted-Cross-Domain-Policies "master-only";
 
 #### Content Security Policy
 #### http://tautt.com/best-nginx-configuration-for-security/
-add_header              Content-Security-Policy
 add_header              Content-Security-Policy "default-src 'self'"; 
 #### these can get very specific, options below. To really lock things down will take some time to get right
 #add_header             Content-Security-Policy "default-src https: connect-src https: font-src https: data: frame-src https: img-src https: data: media-src https:  object-src https: script-src 'unsafe-inline' 'unsafe-eval' https: style-src 'unsafe-inline' https:";