I have content security policy headers defined for my site. However, I have nothing defined for script-src. When I load a certain page from my site in Firefox 76.0 I see the following messages in the console: Content Security Policy: The page’s settings blocked the loading of a resource at inline (“script-src”). 8 utils.js:35:9 Content Security Policy: The page’s settings blocked the loading of a resource at inline (“script-src”). 2 gps.js:231:11 Content Security Policy: The page’s settings blocked the loading of a resource at inline (“script-src”). 4 utils.js:35:9 Content Security Policy: The page’s settings blocked the loading of a resource at inline (“script-src”). gps.js:231:11 Content Security Policy: The page’s settings blocked the loading of a resource at inline (“script-src”). 3 utils.js:35:9 When I load the same page in Chromium, I see no such messages in the console. Furthermore, there are no utils.js and gps.js scripts in the source of the loaded page. Finally, I see no problems with the display or the functionality of the page. Clearing all the cookies and the caches (local and server) has no impact on this issue. There are many other javascripts on the page, both inline and not, which do not appear to be affected but the existing settings. So, my questions: 1) Why do these messages appear? 2) Is this an issue that I need to fix or can I safely ignore it? 3) what do the numbers after the script names mean? (gps.js:231:11 utils.js:35:9)