Contents cache demo

Content Security Policy

Hi,

Is there a way to setup Content Security Policy headers to avoid XSS attacks? AFAIK Nuxt injects inline js globals in production so at the moment this is not possible?
Some reference: https://medium.com/square-corner-blog/content-security-policy-for-single-page-web-apps-78f2b2cf1757

P.S. I know I can set headers with ServerMiddleware.

_{This question is available on Nuxt.js community (#c2101)}