Content Security Policy breaks *.sixxs.org
Ever since the "Hardening the SixXS Website" news announcement, websites visited using *.sixxs.org do not render correctly because of the "Content-Security-Policy:default-src 'self'" header.
For example, opening yahoo.com.sixxs.org in Google Chrome gives the following errors in the console, each one repeated dozens of times:
Refused to execute inline script because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
Refused to load the stylesheet '<URL>' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.
Refused to load the image '<URL>' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.
Is there anything I can do to work around this?
> Is there anything I can do to work around this?
Reload, that should resolve it.
There is no point for us to set those headers for .sixxs.org as we do not control those sites, hence they are not being set for those sites any more.
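Added example, not part of the original thread: a simplified model of the fallback named in the console errors above, showing why `default-src 'self'` blocks inline scripts and third-party stylesheets and images on a proxied page. The function names, the resource URLs and the `http` scheme are assumptions made for illustration, and the matcher covers only a small subset of CSP source expressions.

```javascript
// Simplified model of CSP fetch-directive matching (added example, not a full CSP matcher).
function parsePolicy(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    // The first occurrence of a directive wins; later duplicates are ignored.
    if (name && !policy.has(name.toLowerCase())) policy.set(name.toLowerCase(), sources);
  }
  return policy;
}

// kind: 'script' | 'style' | 'img'. url === null means inline content.
function check(header, pageUrl, kind, url) {
  const policy = parsePolicy(header);
  const specific = `${kind}-src`;
  // Fallback from the console output: no <kind>-src means default-src applies.
  const directive = policy.has(specific) ? specific
    : policy.has('default-src') ? 'default-src' : null;
  if (directive === null) return { allowed: true, directive };
  const self = new URL(pageUrl).origin;
  const allowed = policy.get(directive).some((src) => {
    const s = src.toLowerCase();
    if (s === "'none'") return false;
    if (url === null) return s === "'unsafe-inline'";
    const target = new URL(url, pageUrl);
    if (s === "'self'") return target.origin === self;
    if (s === '*') return /^https?:$/.test(target.protocol);
    if (s.endsWith(':')) return target.protocol === s; // scheme-source, e.g. https:
    const host = s.replace(/^[a-z][a-z0-9+.-]*:\/\//, '');
    if (host.startsWith('*.')) return target.hostname.endsWith(host.slice(1));
    return target.host === host;
  });
  return { allowed, directive };
}

// Constructed inputs: the page from the thread with hypothetical resource URLs.
const PAGE = 'http://yahoo.com.sixxs.org/';
const POLICY = "default-src 'self'";
function demo() {
  return [
    check(POLICY, PAGE, 'script', null),                             // inline <script>
    check(POLICY, PAGE, 'style', 'http://cdn.example.net/site.css'), // third-party stylesheet
    check(POLICY, PAGE, 'img', 'http://img.example.net/logo.png'),   // third-party image
    check(POLICY, PAGE, 'img', '/favicon.ico'),                      // same-origin image
  ];
}
console.log(demo());
```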