headers->remove('Content-Security-Policy'); $response->headers->remove('Content-Security-Policy-Report-Only'); return $response; } }