Loading resources over HTTP from an HTTPS page:
These will trigger Content-Security-Policy violations:
Loading scripts and resources from many external domains: