I was trying to get an A+ rating from securityheaders.com, it repsonds with
Content-Security-Policy This policy contains 'unsafe-inline' which is dangerous in the style-src directive.
Which is caused by,
$ cd /your-site-route
$ grep -R style-src * | grep unsafe
lib/private/legacy/response.php: . 'style-src \'self\' \'unsafe-inline\'; '
Can this be worked round?