Content-Security-Policy (CSP): how to allow svg image …
header("Content-Security-Policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.gstatic.com https://*.googleapis.com; img-src 'self' https://*.gstatic.com https://*.googleapis.com data:;");